Monday, January 28, 2019
A data breach can be used to silence journalists. Neglecting to take measures to protect communications and sources creates “a weakness” for journalists, says Free Press Unlimited digital security expert Sylvain Mignot. To mark Data Protection Day, he outlines three steps journalists can (and should) take to protect their data.

Data protection can sound dry and complicated. But for journalists it’s crucial, Mignot believes. “From an ethical point of view, that’s the way to do the job. You need to protect your sources,” he says. “Secondly, it’s very efficient to attack a journalist on their communication and sources to avoid the information is disclosed. It’s a weakness not to protect your data.”

A data breach that takes place remotely might not seem as serious as a physical attack, says Mignot. But the consequences can be just as bad: “Having your office raided feels very different from having your communications hacked bit by bit, but the information a government or company can get is probably the same.”

Journalists’ personal data can be used against them and might lead to self-censorship. Disclosure of a source through a data leak can put their lives in danger, or cause them to withdraw as a source.

Fortunately there are things journalists can do to protect their data. Here’s three:

1. Protect your communications

Switch communication tools like WhatsApp and Facebook Messenger for a more secure one like Signal, Mignot says. “Everybody has a smartphone, everybody is using messaging apps. Signal works just like them. It’s very easy to use.”

While WhatsApp uses Signal’s end-to-end encryption protocol, meaning only the sender and receiver can read the content of a message, the app does store metadata: information about who you talk to, at what time, what size the messages are. A government could take steps to obtain this information, for example through a court order. Signal does not collect and store such information, meaning there is close to nothing to obtain.

2. Protect your sources

Journalists dealing with confidential information should take steps to protect their sources - the people taking risks to reveal misconduct or hold power to account. One good way to do this is by using secure dropbox systems, where whistleblowers can leave their information completely anonymously, says Mignot. “On top of it being a secure channel between journalists and potential sources, it is a permanent one. An ‘open door’ that newsrooms can maintain to facilitate future sources to come to them,” he says.

Many large news organisations already link to their own secure dropboxes on their websites. Publications including the New York Times, Buzzfeed and The Intercept use SecureDrop, an open source system (with a public source code) media organisations can install on their websites. In some countries, individual journalists or organisations can join existing secure dropboxes. Some examples are Publeaks in the Netherlands, Leaks.ng in Nigeria and IndonesiaLeaks in Indonesia. (Free Press Unlimited has been involved in setting up the whistleblowing platforms in these countries.)

3. Spread the word

At the end of the day, you can’t communicate securely with yourself, says Mignot. Others have to join in and not everyone has Signal installed on their smartphones. Mignot: “So spread the word. Try to expand these tools to your colleagues, peers and sources. Even if it’s not critical, it would be a healthy habit to recommend a source to communicate with you via a secure channel.”

Photo by Markus Spiske via Pexels