Tag Archives: security

The Government wants to know where you were online, when. Why journalists should be cautious

 

tor https infographic

The EFF have an interactive graphic which shows you what information can be grabbed when you’re using Tor or HTTPS

Home secretary Theresa May wants to be able to connect IP addresses (which identify machines) with users (those using it at that particular time).

In a nutshell this means being able to identify whether you were in a particular place at a particular time – only the ‘place’ in question happens to be virtual: a website.

Now clearly this is aimed at identifying terrorists and paedophiles. But then so was RIPA, a law which has been used to spy on journalists and intimidate staff who speak to them and to “pull reporters’ phone records in every single leak inquiry in the last ten years“, including all calls to the Sun’s newsdesk and by their political editor in one inquiry.

In recent weeks we have heard about prison officials monitoring confidential phonecalls between MPs and prisoners, and between lawyers and their clients. Continue reading

Watch: why every publisher should switch to HTTPS (and you should too)

This video, from this year’s Google I/O conference, is one of the best explanations I’ve seen on HTTPS with regard to publishers.

It’s worth watching for five minutes or so to get an insight into why HTTPS is so important not just in protecting users, but also in protecting your own reputation.

HTTPS protects users because it prevents others from seeing what sites they visited before and after yours, and what pages they’re looking at on your site.

Imagine a whistleblower checking your site or profile out, or indeed one of your own journalists visiting it using hotel or coffee shop wifi, and you have an idea what I mean.

But HTTPS also prevents hackers from impersonating your site in order to collect user data. I imagine most publishers will be more concerned with their customers than their sources.

For journalists who suddenly realise that their web browsing is public information, I recommend the browser plugin HTTPS Everywhere, which turns on HTTPS by default (where sites support it) in Chrome, Firefox, Firefox on Android, or Opera.

So Google scans email for dodgy images – should we be worried about scanning for sensitive documents?

Gmail logo

You could be forgiven for not having heard of John Henry Skillern. The 41 year old is facing charges of possession and promotion of child pornography after Google detected images of child abuse on his Gmail account.

Because of his case we now know that Google “proactively scours hundreds of millions of email accounts” for certain images. The technology has raised some privacy concerns which have been largely brushed aside because, well, it’s child pornography.

Sky’s technology correspondent Tom Cheshire, for example, doesn’t think it is an invasion of our privacy for “technical and moral reasons”. But should journalists be worried about the wider applications of the technology, and the precedent being set?

Continue reading

Why every journalist should have a threat model (with cats)

Just because you're paranoid doesn't mean they aren't after you

If you’re a journalist in the 21st century you have two choices: you can choose to be paranoid, or you can choose to be delusional.

The paranoid journalist assumes that someone is out to get them. The delusional journalist assumes that no one is.

In this post I will explain why and how every journalist – whether you’re a music reporter or a political correspondent – can take a serious and informed look at their security and arrive at a reasonable evaluation of risks and safeguards.

Don’t panic. I promise that by the end of this piece you will be less anxious about security, and no longer paranoid. I also promise to use lots of lolcats. Continue reading

Interview: president of IRPI Cecilia Anesi talks about secure leaks platform IRPILeaks

IRPI leaks

Last year the Investigative Reporting Italian Project (IRPI) introduced a platform for Italian and international whistleblowers, the first of its kind in the country.

The project has been called IRPILeaks and, like the Dutch PubLeaks and WikiLeaks, is a tool for those want to leak staying anonymous and safe.

IRPI aims to use this anonymity to encourage leaks from people who want to expose misconducts of companies and public authorities. A list of risks they could face in the process is published on IRPI‘s site. Continue reading

Web security for journalists – takeaway tips and review

Web security for journalists - book cover

Early in Alan Pearce‘s book on web security, Deep Web for Journalists, a series of statistics appears that tell a striking story about the spread of surveillance in just one country.

199 is the first: the number of data mining programs in the US in 2004 when 16 Federal agencies were “on the look-out for suspicious activity”.

Just six years later there were 1,200 government agencies working on domestic intelligence programs, and 1,900 private companies working on domestic intelligence programs in the same year.

As a result of this spread there are, notes Pearce, 4.8m people with security clearance “that allows them to access all kinds of personal information”. 1.4m have Top Secret clearance.

But the most sobering figure comes at the end: 1,600 – the number of names added to the FBI’s terrorism watchlist each day.

Predictive policing

This is the world of predictive policing that a modern journalist must operate in: where browsing protesters’ websites, making particular searches, or mentioning certain keywords in your emails or tweets can put you on a watchlist, or even a no-fly list. An environment where it is increasingly difficult to protect your sources – or indeed for sources to trust you.

Alan Pearce’s book attempts to map this world – and outline the myriad techniques to avoid compromising your sources. Continue reading