By Zoe Gorman
Ninety-percent of journalists believe their Internet Service Providers (ISP) would share their data with the NSA, and 64 percent believe the government has already collected their communications data. With the Patriot Act targeting and convincing whistle blowers, how can reporters keep sources safe?
The closing event of Columbia University’s Tow Center for Digital Journalism’s “Journalism After Snowden,” held at the Knight Conference Center of the Newseum in D.C., grappled with this question and the role of the media in reporting sensitive national security matters.
But despite two impressive panels featuring Dean Baquet, the Executive Editor of the New York Times, Marty Baron, the Executive Editor of the Washington Post, and Times national security correspondent David Sanger — the conference left most issues about the precarious future of journalism unresolved.
“I think we are woefully unprepared for the monitoring that will take place, and probably already does take place,” Mr. Baron said of the government’s scrutiny of the media.
In a time of ubiquitous data collection, cyber warfare, and the most secretive administration in history, the period journalists can keep a secret has compressed from years to days. The days of “Deep Throat,” a source Bob Woodward of the Washington Post protected for over 30 years for his information about the Watergate Scandal, seem distant memories.
Meanwhile, the press has little insight into much of government foreign programs, said Mr. Baquet. The Times, for example, has only vague ideas as to what house-to-house warfare looks like in Afghanistan, with what frequency the CIA launches drone strikes, why the government issues sanctions on certain companies, or what U.S. foreign agencies do in Africa.
“There is more significant national security policy being done in secret now than in any time in history,” Mr. Baquet said.
To open communication channels while protecting whistleblowers, journalists have to learn how to keep secrets too. Mr. Sanger said government data monitoring encourages some journalists to return to the old “shoe-leather reporting” techniques of recording interviews on paper and in person. These methods become particularly vital when reporting overseas, where journalists are subjected to hacking from Russian, Chinese and other foreign administrations and parties.
Others have opted to jump into the digital age, arming themselves with encryption technologies to frustrate hackers. Leak cases can be proven from digital evidence, rather than journalist testimony, so encryption is a way of reclaiming privacy rights in the age of mass surveillance, said Trevor Timm, co-founder of the Freedom of the Press Foundation.
Encryption is particularly pertinent among reporters covering national security, a process Mr. Baron said involves “jousting with the government over methodology.” The Washington Post sits down with governmental officials, he said, and goes through facts in a story one by one before the information hits the press. Editors will listen to all drawbacks of publishing information, then make decisions about what to disclose. The majority of the Snowden papers have not been released, Mr. Baron added, and Mr. Snowden trusted the press to find a balance between transparency and security.
“I am a US citizen like everyone else. I have to be concerned about national security,” Mr. Baron said. “But I’m also concerned about the public interest. I’m concerned about our democracy. I’m concerned about secret government.”
Reporters select and combine numerous strategies for protecting data, ProPublica’s Julia Angwin explained. Protection avenues are represented in the chart below:
|Hide||Use a “secret partition” that makes it appear the data is not there at all.|
|Encrypt||Scramble a message so that only a user with the correct “key” can unlock the data. Use systems such as Secure Drop or Apple Facetime to protect from data hackers.|
|Mask||Steganography: conceal one message in another such that an outsider would not realize a secret message was being sent.|
|Add Noise||Call everyone instead of just a source to obscure record.|
|Cloak||Use a false identity on cards or public reservations to derail attention.|
|Evade||Meet in places without cameras; do not bring phone to meetings.|
Encryption mechanisms such as Secure Drop, the “open face whistleblower submission system,” allow sources to dump documents into a journalist’s secure folder without being traced or identified; the journalists then needs to take steps to verify a source or the validity of materials. To protect emails, texts, files, texts and whole disk partitions, Pretty Good Privacy (PGP) harnesses a multi-step process of scrambling or “hashing” the data, compressing it, and assigning various access keys.
Ms. Angwin said she uses a “USB condom,” a small hardware device that blocks unwanted information from transferring to and from a computer. Without the device, she said it might be possible for hackers to invade a computer that was not connected to the internet.
Another good practice, Mr. Sanger added, is to communicate via iMessage or Apple Facetime for iPhone. These communications are encrypted: Apple has no access to the data, and cannot reveal it to the NSA.
But even encryption methods can unravel through user error or common trickery, as befell Jesselyn Radack when a hacker impersonated political journalist Glenn Greenwald to gain access to her email encryption key. Ms. Radack, who continues to represent whistleblowers such as Edward Snowden and serves as the national security and human rights director of the Government Accountability Project, told the audience encryption is necessary for attorneys to protect their clients, but not a guarantee.
The panel also did not address how users of Secure Drop or PGP would know if the NSA had decrypted their systems.
A Pew Research Center study surveying 2,723 practicing journalists and evaluating the 671 respondents showed half of the journalists working for a news organization (88 percent of respondents) said their organization is not doing enough to protect them and their sources. The same study found 71 percent of journalists had little or no confidence that ISPs could protect their data, and only two percent had a lot of confidence.
Twenty-one of the 25 top news organizations globally are targeted by state actors, said Morgan Marquis-Boire, director for security at First Look Media. Major media outlets continue to set aside insufficient budgets, if any, to protect their information, he added, and as a result, the onus falls on reporters to educate and protect themselves.
Zoe Gorman is a Senior Writer with Center for Media & Peace Initiatives