Tag Archives: surveillance

Research on information security in local newspapers – the published version

Pie chart: 88% of respondents did not know what their employers were doing about information security

Previously on OJB I posted about some ongoing research I was conducting into whether security practices in local news organisations had changed in the wake of the Snowden and RIPA (UK surveillance powers) revelations.

Now the full research paper has been published in the academic journal Digital Journalism, as part of a special edition on Journalism, Citizenship and Surveillance Society. The abstract pretty much sums it up:

“Despite reports of widespread interception of communications by the UK government, and revelations that police were using surveillance powers to access journalists’ communications data to identify sources, regional newspaper journalists show few signs of adapting source protection and information security practices to reflect new legal and technological threats, and there is widespread ignorance of what their employers are doing to protect networked systems of production. This paper argues that the “reactive” approach to source protection that seeks to build a legal defence if required, is no longer adequate in the context of workforce monitoring, and that publishers need to update their policies and practice to address ongoing change in the environment for journalists and sources.”

Other highlights of the edition include:

The machine that learns how to stop whistleblowers

INSIDER THREAT John connects via VPN Administrator performs ssh (root) to a file share - finance department John executes remote desktop to a system (administrator) - PCI zone John elevates his privileges root copies the document to another file share - Corporate zone root accesses a sensitive document from the file share root uses a set of Twitter handles to chop and copy the data outside the enterprise USER ACTIVITY

An example of whistleblower behaviour taken from Harry McLaren’s slides

Workplace surveillance is nothing new, but this slide from Harry McLaren’s talk on Machine Learning for Threat Detection illustrates particularly well the challenges facing journalists wishing to protect whistleblowers.

McLaren is talking about malicious threats, and the way that machine learning can be used to identify suspicious patterns of behaviour. But the example given above is equally useful in illustrating the way that similar behaviour might be used to identify an employee intending to whistleblow on illegal, unethical or dangerous behaviour by his or her organisation. Continue reading

How publishers could end up helping authorities hack their own readers

Alan Rusbridger holding the destroyed Snowden files hard disk

The Guardian complied when authorities demanded they destroy the Snowden files

So far most of the talk about the Investigatory Powers Bill has been about the lack of protection for journalists’ sources thrown up by powers to intercept communications.

But there’s another part to the Bill which relates to facilitating state hacking – and an analysis by Danny O’Brien has thrown up some worrying ambiguity on this front for publishers – not just those based in the UK. Continue reading

VIDEO: Surveillance and the ‘1984 Generation’

Online video project newsPeeks have put together a documentary on surveillance. I really enjoyed it, so I’m sharing it here. Not only is the content great (newsPeeks were live at the Logan Symposium on the topic late last year so got some great contacts), but the production is a great example of online-native video (disclosure: I’m an unpaid advisor).

Continue reading

FAQ: Investigative journalism now – and its future

The latest in the series of FAQ posts comes from a student in Germany who is interested in how investigative journalism is affected by the financial situation of publishers, and how it might develop in the next decade. Continue reading

“Don’t be afraid: keep them afraid” and other notes from the Logan Symposium on surveillance’s first day

Don't be afraid. But keep them afraid.

Seymour’s parting advice to young journalists: maintain a watchdog role and hold power to account

On Friday I was at the Logan Symposium on secrecy, surveillance and censorship, an event which, as is often the case with these things, managed to be inspiring, terrifying, and confusing in equal measure.

Notably, Director of the Centre for Investigative Journalism Gavin MacFadyen opened the day by talking about investigative journalists and hackers together.

It is common to hear attacks on journalists mentioned at these events, but rare to hear an old-fashioned hack like MacFadyen also talk about the “growing number of hackers being imprisoned”, while noting the commonalities of a desire for a free press, free speech, and “a free internet”. Continue reading

The Government wants to know where you were online, when. Why journalists should be cautious

 

tor https infographic

The EFF have an interactive graphic which shows you what information can be grabbed when you’re using Tor or HTTPS

Home secretary Theresa May wants to be able to connect IP addresses (which identify machines) with users (those using it at that particular time).

In a nutshell this means being able to identify whether you were in a particular place at a particular time – only the ‘place’ in question happens to be virtual: a website.

Now clearly this is aimed at identifying terrorists and paedophiles. But then so was RIPA, a law which has been used to spy on journalists and intimidate staff who speak to them and to “pull reporters’ phone records in every single leak inquiry in the last ten years“, including all calls to the Sun’s newsdesk and by their political editor in one inquiry.

In recent weeks we have heard about prison officials monitoring confidential phonecalls between MPs and prisoners, and between lawyers and their clients. Continue reading