Tag Archives: research

Research on information security in local newspapers – the published version

Pie chart: 88% of respondents did not know what their employers were doing about information security

Previously on OJB I posted about some ongoing research I was conducting into whether security practices in local news organisations had changed in the wake of the Snowden and RIPA (UK surveillance powers) revelations.

Now the full research paper has been published in the academic journal Digital Journalism, as part of a special edition on Journalism, Citizenship and Surveillance Society. The abstract pretty much sums it up:

“Despite reports of widespread interception of communications by the UK government, and revelations that police were using surveillance powers to access journalists’ communications data to identify sources, regional newspaper journalists show few signs of adapting source protection and information security practices to reflect new legal and technological threats, and there is widespread ignorance of what their employers are doing to protect networked systems of production. This paper argues that the “reactive” approach to source protection that seeks to build a legal defence if required, is no longer adequate in the context of workforce monitoring, and that publishers need to update their policies and practice to address ongoing change in the environment for journalists and sources.”

Other highlights of the edition include:

Embedding is the new linking

Every web journalist knows that linking is one of the most fundamental qualities of online journalism: a web article without links is like TV without moving images.

But in the last couple of years something else has become equally important: I’m talking about the embed.

Two years ago I noted how publishers were finally getting to grips with linking – and how embedding was a major factor in that.

As material from social media has become increasingly central to news stories, content management systems have finally been adapted to allow journalists to embed the very elements they were talking about: that controversial tweet; the Facebook reaction; the damning Instagram snap; the viral YouTube video.

Now, one report has noted that almost a quarter of 1 million news articles in a study included embedded media. Continue reading

Research: regional publishers may be risking their sources and their brands

Whistle with spikes

Journalists say sources are less willing to talk because they are afraid of employers. Image by Terry Border

Local journalists don’t know how to protect their social media accounts, or the law regarding sources, and they don’t know what their employers are doing about online security.

That’s the upshot of research that I conducted with dozens of reporters around the UK – and it’s so important I’ve organised an event to tackle it.

Here are some of the key findings…

Journalists could be compromising colleagues – but they don’t think security affects them

Over the past year it’s been revealed that UK police forces have been accessing regional journalists’ communications, and at least one local authority has used its powers to spy on journalists meeting an employee: security isn’t just about GCHQ and Edward Snowden.

Social media accounts that have been hacked in the past few years include those reporting on subjects as innocuous as entertainment and the weather, while commercial organisations including Microsoft and Vodafone have hacked journalists’ communications when they wrote about them. This week a journalist was found guilty of helping hackers access a newspaper CMS, causing almost $1m in damage.

But local journalists’ and editors’ perception of the issue is that security is “another planet”, there’s no strategy for protecting branded social media accounts, and it is assumed reporters who routinely need to protect their sources are “usually pretty conversant with that kind of issue”.

Unfortunately, on the whole they are not. More than one experienced crime reporter that I spoke to operated on the basis that police requests to access their sources would come through the newspaper. “They’ve never taken action to gain that information from me,” one said.

But the key thing that I’ve discovered is that networked working practices in modern newsrooms mean that information regarding sensitive stories can still be accessed through communications with colleagues who do not consider security to affect them.

1 in 5 lack even basic password security

Despite feeling that security issues did not affect them, around half of journalists had made some changes to their behaviour online in the past year.

But a significant proportion of journalists were not even using different passwords for different accounts – one of the most basic security practices.

22% of journalists do not use different passwords for different accounts

 

16% of journalists did not do any of the following: use different passwords, clear their browser history, turn off cookies, turn off geolocation or use enhanced privacy settings on social media.

What are publishers doing about information security?

Despite hundreds of journalists and many editors signing Press Gazette’s Save Our Sources petition last year, there is no indication of leadership or communication from the top on the issue of source protection.

Journalists overwhelmingly said that they did not know what their organisation was doing about internet security. But perhaps more importantly, editors did not know either. “I should know the answer to that,” said one, “and it’s worrying that I don’t.”

88% of journalists do not know what their employers are doing regarding security

31% of journalists said their employer was doing enough to protect employees and sources

 

Strangely, even though only 4% of respondents said that their employers had taken steps in the last 12 months on the issue, almost a third of respondents made the leap of faith to say that their employers were “doing enough”.

Newsroom processes aren’t set up for modern law and technology

One thing became very clear: newsrooms and work processes are still set up for an analogue world where protecting sources is a reactive process. Discussions about sensitive sources focus on a potential legal defence if approached directly. No processes are in place to anticipate or prevent sources’ identities being accessed indirectly.

Likewise IT policies focus on protecting email – but there is little consideration to securing social media accounts.

And journalists felt unable to advise sources who were unwilling to talk because of workplace surveillance and contracts with ‘gagging’ clauses.

What I’m doing about it

I’ve organised an event to try to begin to address these issues, with people who have been directly affected, experts on law (including employment law) and people who can advise on the technical side. It’s in Salford at BBC in Media City on Friday November 6 – you can sign up here.

The ‘Metajournalist’ and the return of personalised news: research on automated reporting

Matt Carlson has written an interesting piece of research (£) into ‘The Robotic Reporter’: namely, automated journalism where articles are written by algorithms.

His interest lies largely in the “technological drama” of competing narratives and cultures – but along the way he identifies some developments and implications which appear in the minority of reports beyond those recurring stories of “augmentation or elimination” (of journalists’ jobs), but which may be more interesting. Continue reading

The 10 most-read posts (and one page) on the Online Journalism Blog in 2014

ojb post frequency 2014

The last 2 months of 2014 saw a return to regular blogging after some quiet periods earlier in the year

2014 was the 10th anniversary of the Online Journalism Blog, so I thought I’d better begin keeping track of what each year’s most-read posts were.

In 2014 the overriding themes for this blog were programming for journalists, web security, and social media optimisation. Here are the most-read posts of the year, plus one surprisingly popular new page with some background and updates. Continue reading

16 reasons why this research will change how you look at news consumption

Most research on news consumption annoys me. Most research on news consumption – like Pew’s State of the News Mediarelies on surveys of people self-reporting how they consume news. But surveys can only answer the questions that they ask. And as any journalist with a decent bullshit detector should know: the problem is people misremember, people forget, and people lie.

The most interesting news consumption research uses ethnography: this involves watching people and measuring what they actually do – not what they say they do. To this end AP’s 2008 report A New Model for News is still one of the most insightful pieces of research into news consumption you’ll ever read – because it picks out details like the role that email and desktop widgets play, or the reasons why people check the news in the first place (they’re bored at work, for example).

Now six years on two Dutch researchers have published a paper summarising various pieces of ethnographic and interview-based consumption research (£) over the last decade – providing some genuine insights into just how varied news ‘consumption’ actually is.

Irene Costera Meijer and Tim Groot Kormelink‘s focus is not on what medium people use, or when they use it, but rather on how engaged people are with the news.

To do this they have identified 16 different news consumption practices which they give the following very specific names:

  1. Reading
  2. Watching
  3. Viewing
  4. Listening
  5. Checking
  6. Snacking
  7. Scanning
  8. Monitoring
  9. Searching
  10. Clicking
  11. Linking
  12. Sharing
  13. Liking
  14. Recommending
  15. Commenting
  16. Voting

Below is my attempt to summarise those activities, why they’re important for journalists and publishers, and the key issues they raise for the way that we publish. Continue reading