Beyond PGP
The main impediment to implementing digital security in traditional newsrooms may be that reporters avoid learning about it and news organizations don’t dedicate appropriate resources to it, according to panelists at a November 7 conference cosponsored by the Reporters Committee.
The panel, composed of an Associated Press journalist, a digital security expert, a media lawyer, a digital media commentator, and a digital rights lawyer, discussed the ways that the institutional press is currently protecting its writers and the many ways it can do better.
The panel, “Beyond PGP, Protecting Reporters on an Institutional Level,” was part of the conference “News Organizations and Digital Security: Solutions to Surveillance Post-Snowden,” organized by the Reporters Committee, the Freedom of the Press Foundation, and the New America Foundation’s Open Technology Institute.
Morgan Marquis-Boire, director of security for First Look Media, framed the problem by explaining that journalists often give up on learning about the technology they could use to protect their work because they want to focus on writing.
The panelists agreed that media organizations need to do a lot more to prioritize security procedures, including providing more support to journalists from those well-versed in the technology.
Associated Press reporter Jack Gillum had two main recommendations for how news organizations can improve their institutional security. The first, he said, was that they need to “stop being cheap” and start spending the kind of money they spend on physically securing their buildings on helping their reporters be more digitally secure. The second is approaching newsgathering overall with an eye toward being secure—for example, remembering that there are many other ways besides hacking into e-mail that can reveal a reporter’s trail, including public transportation data, security camera footage, and credit card information.
“We need to have this mindset of security that is beyond just the tools,” Gillum said.
Nabiha Syed, a media lawyer at Levine Sullivan Koch & Schulz, LLP, said one of her main challenges is reminding journalists of all types that it is not just reporters who cover national security who need to be mindful of their data. She counsels reporters that this is an issue for “anyone who crosses a border, or anyone who does a variety of different kinds of reporting.”
Gillum pointed out that there are many resources available for reporters to take control of their security.
“Since Snowden, there are more tools out there for journalists,” he said. “It may be a little bit of a brainpower exercise, but there are tools.”
Digital media commentator and blogger Xeni Jardin agreed, citing a “tide of public awareness” post-Snowden that showed why it was important for everyone to be mindful of these challenges.
Marquis-Boire reminded the audience that when it comes to law enforcement demanding journalists’ passwords and encryption keys, there is only so much that the software can do to protect that material. Instead, he advocated a holistic organizational approach to security, apart from the tools.
“I’m really wary of trying to solve real-world coercion problems with code,” he said.