Tag Archives: surveillance

Brave new world? 5 things your newsroom can do now to protect your journalism against the Snooper’s Charter

The Investigatory Powers Act has now been law for almost six months. For journalists and publishers this means having to remember that the webpages that you and your sources visit, who you call on your phone, and where you take it, are all being collected and potentially accessed by a range of authorities*.

It also gives the state the power to hack into devices and to require companies to help them compromise the security of users of their websites and apps.

But most importantly, it means understanding that unlike previous legal regimes it is likely that you will not be aware if any of this is happening, nor will you have an opportunity to mount a legal defence to argue against it.

If this makes you feel powerless to protect your sources, here are some things you can do to feel better:

Continue reading

Advertisements

Research on information security in local newspapers – the published version

Pie chart: 88% of respondents did not know what their employers were doing about information security

Previously on OJB I posted about some ongoing research I was conducting into whether security practices in local news organisations had changed in the wake of the Snowden and RIPA (UK surveillance powers) revelations.

Now the full research paper has been published in the academic journal Digital Journalism, as part of a special edition on Journalism, Citizenship and Surveillance Society. The abstract pretty much sums it up:

“Despite reports of widespread interception of communications by the UK government, and revelations that police were using surveillance powers to access journalists’ communications data to identify sources, regional newspaper journalists show few signs of adapting source protection and information security practices to reflect new legal and technological threats, and there is widespread ignorance of what their employers are doing to protect networked systems of production. This paper argues that the “reactive” approach to source protection that seeks to build a legal defence if required, is no longer adequate in the context of workforce monitoring, and that publishers need to update their policies and practice to address ongoing change in the environment for journalists and sources.”

Other highlights of the edition include:

The machine that learns how to stop whistleblowers

INSIDER THREAT John connects via VPN Administrator performs ssh (root) to a file share - finance department John executes remote desktop to a system (administrator) - PCI zone John elevates his privileges root copies the document to another file share - Corporate zone root accesses a sensitive document from the file share root uses a set of Twitter handles to chop and copy the data outside the enterprise USER ACTIVITY

An example of whistleblower behaviour taken from Harry McLaren’s slides

Workplace surveillance is nothing new, but this slide from Harry McLaren’s talk on Machine Learning for Threat Detection illustrates particularly well the challenges facing journalists wishing to protect whistleblowers.

McLaren is talking about malicious threats, and the way that machine learning can be used to identify suspicious patterns of behaviour. But the example given above is equally useful in illustrating the way that similar behaviour might be used to identify an employee intending to whistleblow on illegal, unethical or dangerous behaviour by his or her organisation. Continue reading

How publishers could end up helping authorities hack their own readers

Alan Rusbridger holding the destroyed Snowden files hard disk

The Guardian complied when authorities demanded they destroy the Snowden files

So far most of the talk about the Investigatory Powers Bill has been about the lack of protection for journalists’ sources thrown up by powers to intercept communications.

But there’s another part to the Bill which relates to facilitating state hacking – and an analysis by Danny O’Brien has thrown up some worrying ambiguity on this front for publishers – not just those based in the UK. Continue reading

VIDEO: Surveillance and the ‘1984 Generation’

Online video project newsPeeks have put together a documentary on surveillance. I really enjoyed it, so I’m sharing it here. Not only is the content great (newsPeeks were live at the Logan Symposium on the topic late last year so got some great contacts), but the production is a great example of online-native video (disclosure: I’m an unpaid advisor).

Continue reading

FAQ: Investigative journalism now – and its future

The latest in the series of FAQ posts comes from a student in Germany who is interested in how investigative journalism is affected by the financial situation of publishers, and how it might develop in the next decade. Continue reading

“Don’t be afraid: keep them afraid” and other notes from the Logan Symposium on surveillance’s first day

Don't be afraid. But keep them afraid.

Seymour’s parting advice to young journalists: maintain a watchdog role and hold power to account

On Friday I was at the Logan Symposium on secrecy, surveillance and censorship, an event which, as is often the case with these things, managed to be inspiring, terrifying, and confusing in equal measure.

Notably, Director of the Centre for Investigative Journalism Gavin MacFadyen opened the day by talking about investigative journalists and hackers together.

It is common to hear attacks on journalists mentioned at these events, but rare to hear an old-fashioned hack like MacFadyen also talk about the “growing number of hackers being imprisoned”, while noting the commonalities of a desire for a free press, free speech, and “a free internet”. Continue reading