The Centre for Investigative Journalism have launched a new video series to help journalists better understand information security risks and use tools to protect communication with sources: Infosec Bytes. Continue reading
Home secretary Theresa May wants to be able to connect IP addresses (which identify machines) with users (those using it at that particular time).
In a nutshell this means being able to identify whether you were in a particular place at a particular time – only the ‘place’ in question happens to be virtual: a website.
Now clearly this is aimed at identifying terrorists and paedophiles. But then so was RIPA, a law which has been used to spy on journalists and intimidate staff who speak to them and to “pull reporters’ phone records in every single leak inquiry in the last ten years“, including all calls to the Sun’s newsdesk and by their political editor in one inquiry.
In recent weeks we have heard about prison officials monitoring confidential phonecalls between MPs and prisoners, and between lawyers and their clients. Continue reading
Last year the Investigative Reporting Italian Project (IRPI) introduced a platform for Italian and international whistleblowers, the first of its kind in the country.
IRPI aims to use this anonymity to encourage leaks from people who want to expose misconducts of companies and public authorities. A list of risks they could face in the process is published on IRPI‘s site. Continue reading
Early in Alan Pearce‘s book on web security, Deep Web for Journalists, a series of statistics appears that tell a striking story about the spread of surveillance in just one country.
199 is the first: the number of data mining programs in the US in 2004 when 16 Federal agencies were “on the look-out for suspicious activity”.
Just six years later there were 1,200 government agencies working on domestic intelligence programs, and 1,900 private companies working on domestic intelligence programs in the same year.
As a result of this spread there are, notes Pearce, 4.8m people with security clearance “that allows them to access all kinds of personal information”. 1.4m have Top Secret clearance.
But the most sobering figure comes at the end: 1,600 – the number of names added to the FBI’s terrorism watchlist each day.
This is the world of predictive policing that a modern journalist must operate in: where browsing protesters’ websites, making particular searches, or mentioning certain keywords in your emails or tweets can put you on a watchlist, or even a no-fly list. An environment where it is increasingly difficult to protect your sources – or indeed for sources to trust you.
Alan Pearce’s book attempts to map this world – and outline the myriad techniques to avoid compromising your sources. Continue reading
With news last week of the New York Times and Washington Post being hacked recently, The Muckraker‘s Lyra McKee looks at internet security.
“They were able to hack into the computer and remotely access my Facebook account, printing out a transcript of a private conversation. Then they told me who I’d been talking to over the past week and who was on my contacts list. They’d hacked into my phone. When they first told me they could hack into computers and phones, I didn’t believe them. So they showed me.”
I was sitting at the kitchen table of one of Northern Ireland’s few investigative journalists. He was shaken.
In thirty years of reporting, Colin (not his real name) has seen things that would leave the average person traumatized. A confidante of IRA terrorists, he has shaken hands with assassins and invited them into his home for a chat over a cup of tea – as he had done with me that night.
A few weeks previous, during one visit from a source, the subject of hacking had come up. Continue reading
Following today’s landmark judgement on one blogger’s right (or not) to anonymity, I thought it might be useful to post the following tips on maintaining anonymity online.
1. Use an anonymous email account to register your blog. Hushmail is one free service that provides encrypted accounts; RiseUp is aimed at activists; MintEmail gives you a 3 hour temporary email address and FilzMail gives you one that expires after 24 hours. You could also use these to post to your blog via email. Posterous is a great blogging service that allows you to do this.
3. Or you could use an anonymous blogging platform. Invisiblog was one but no longer exists. BlogACause claims to be “anonymous” but I’m trying to find out exactly how UPDATE: here’s how, apparently. In the meantime, this post recommends WordPress and something like Tor.
4. Use a pseudonym that you don’t use anywhere else. If you use a pseudonym, don’t use it on other services as well, as this will make it easier to trace you. If you’re struggling, this Random Name Generator will create one for you.
5. If you’re going to register a domain name do so anonymously with a service like The Online Policy Group.
6. Be careful what information you include. Although police blogger NightJack changed or did not include names in cases he was involved in, the details were specific enough for a journalist to track him down.
7. Don’t win awards. Or book deals. It’s safe to say that a major newspaper would not have been interested in the identities of NightJack or Girl With A One Track Mind if both had remained cult underground heroes. So just pretend you’re sub-literate, OK?
For more information, the following guides go into much more detail:
More links and tips welcome. My Delicious bookmarks on anonymity are at http://delicious.com/paulb/anonymity