Reporting on wars and natural disasters is inherently dangerous, but the spread of insurgent and criminal groups globally poses an unprecedented risk to journalists. Since the videotaped killings of James Foley and Steven Sotloff in 2014, public awareness of the risks has increased exponentially, but the dangers persist.
By Tom Lowenthal, CPJ Staff Technologist
Journalism is an information field — its practice is based on communication with sources, compiling and analyzing information and data, and then publishing and sharing the results. Like most members of modern society, journalists rely on mobile phones, laptops, email, instant messages, and online service providers to conduct their work, but journalism is heavily impacted by technology trends.
In my previous blog post I reviewed the results of a poll asking journalists if they used two-factor authentication to protect Twitter accounts from being hacked. But the importance of robust security isn't limited to personal Twitter accounts.
San Francisco, June 1, 2015--Facebook today announced that it would offer users a field to post PGP encryption keys on their profiles, and that it will use the encryption standard to protect the contents of notification emails. The improvements were announced on the social network's security blog and will gradually be rolled out to all the site's users over the coming hours.
Once upon a time, a journalist never gave up a confidential source. When someone comes forward, anonymously, to inform the public, it's better to risk time incarcerated than give them up. This ethical responsibility was also a practical and professional necessity. If you promise anonymity, you're obliged to deliver. If you can't keep your word, who will trust you in the future? Sources go elsewhere and stories pass you by.
The power of HTTPS to protect has been brought into sharp focus by a series of attacks against software collaboration site GitHub. These attacks consistently failed because of the site's universal use of HTTPS. Most recently, GitHub reported a blistering series of distributed denial of service attacks in March, which it believes were an attempt to persuade the site to remove certain content. Security researchers including Robert Graham and Insight Labs analyzed the latest GitHub attack, concluding that it appears to have been mediated by China's "great firewall" censorship system.
In a major breach of public trust and confidence, the Chinese digital certificate authority China Internet Network Information Center (CNNIC) certified false credentials for numerous domains, including several owned by Google. The deliberate breach had the potential to seriously endanger vulnerable users, such as journalists communicating with sources. The breach was discovered by Google and published on its security blog on March 23. Despite this serious lapse, it appears CNNIC's authority will not be revoked, and that its credentials will continue to be trusted by almost all computers around the world.
Do you believe the free flow of information must be protected? Sign the #RightToReport petition and demand that President Obama immediately:
1. Issue a presidential policy directive prohibiting the hacking and surveillance of journalists and media organizations.
2. Limit aggressive prosecutions that ensnare journalists and intimidate whistleblowers.
3. Prevent the harassment of journalists at the U.S. border.
Or click here to see the full petition, and join leading journalists like Christiane Amanpour, The Guardian’s Alan Rusbridger, Editor of the AP Kathleen Carroll, and Arianna Huffington in signing on.