Skip to main content

Helping Reporters Protect Their Information Sources

The information sources of journalists are under constant threat in the age of digital surveillance. Although the confidentiality of information sources is protected by law, secret FISA courts, questionable policing practices and dictatorships regularly circumvent these regulations. To keep investigative articles coming, privacy enthusiasts in Sydney have teamed up to launch ‘Privacy for Journalists’, a website full of practical technology guides for the journalist community.

Since October 2015, the metadata of activities on the Internet and mobile phone networks must be retained for two years in Australia, including interactions between journalists and their information sources. No matter how careful a journalist is, a simple email or a phone call could establish a link between a reporter and a whistleblower. To make matters worse, data mining and link analysis techniques can reveal hidden relations within the datasets, such as additional information sources.

Our law enforcement agencies in Australia are required by law to obtain a ‘journalist information warrant’ for identifying a source. Although legal protections are in place, numerous examples demonstrate that the authorities routinely circumvent the checks and balances.

An upcoming UNESCO study reveals that the situation in regards to source protection has changed for the worse globally. Phone call records of journalists are often obtained through the FISA court in the United States, and the police in New Zealand, Australia, the UK and Colombia have all attempted to reveal reporters’ sources by analysing metadata. The media union of Australia confirms that metadata retention is indeed a threat to investigative journalism.

I am one of the organisers of the CryptoParty get-togethers in Sydney. The monthly event features speakers talking about privacy and information security matters. In addition, the team is providing resources and helping anyone seeking to secure their communication in a casual and positive environment. Everyone is encouraged to bring along their laptops and smartphones, as we set up and configure various software like PGP, Signal and Tor.

The CryptoParty team in Sydney has recognised a worrying trend affecting journalists, as writers seem to be facing similar privacy challenges as the general public. Reporters also need to keep their communications secret while leaving the smallest digital footprint behind as possible. We thought launching a website with practices and experience from the CryptoParty events – but tailored to journalists – could keep them writing on issues that concern the public.

Thus, ‘Privacy for Journalists’ was born with the purpose of helping journos protect their information sources. The website features a list of scenarios where writers can understand their adversaries as well as their motives. Based on the relevant particular situation, easy-to-follow guides assist the readers with installing and configuring a combination of software. We have also established a growing Slack community, where reporters can come along and discuss their challenges, and the team offers one-on-one help to the journalist community.

Privacy for Journalists Screenshot

Alas, the current digital trends and legal practices do not favour the protection of information sources. We encourage every journalist to learn the basics of communications and operations security. Although there is no silver bullet, certain precautions should still be taken when working on a story along with a source. For instance, use Signal instead of mobile phone calls and texts, or Ricochet IM to chat without leaving metadata behind. Or just dust off that old notebook and leave your phone and computer home.

This article first appeared on emergencyjournalism.net. Image courtesy of Esther Vargas.

Share on LinkedInShare on FacebookTweet about this on TwitterPin on PinterestShare on Google+Share on RedditFlattr the authorEmail this to someone
Share This Post!

Gabor

Founder of privacyforjournalists.org.au and sritest.io, organiser of @CryptoPartySyd, privacy and infosecurity enthusiast | Threema: PRN7228A | PGP: https://keybase.io/gszathmari