Reminders and Upcoming Dates
Rough drafts of story #2 are due next week, by class time on Nov. 19.
There will be NO CLASS the following week because of Thanksgiving.
Guest Speaker: Katie G. Nelson
Discussion followed by questions.
Digital Security: Best Practices
When you’re a journalist, you will very likely find yourself in possession of information that other people want. Digital security comes down to protecting yourself and protecting your sources.
Messaging
- If you’re communicating with a source about a sensitive story, the top-recommended app by security experts is Signal. It’s free, open-source, and peer-reviewed.
Personal Information (Phone, Laptop, and Social Media)
Make sure you take a look at your Facebook page and other social media accounts to see what information about you is public. It’s probably more than you realize. Be aware that enabling location services and posting live updates can clue people in to your whereabouts. And depending on your current level of risk in your reporting, some of the personal information you have out there or on your person might be used against you. When Jim Foley was kidnapped, for instance, his captors found a photo on his laptop that showed his brother in a military uniform and singled him out for harsher treatment.
- Keep your phone updated.
- Make sure your phone and laptop are password protected.
- If arrest is a concern of yours, it might be advisable to disable the thumbprint verification on your phone for the duration of the assignment.
- Change your SMS settings so that the text isn’t visible in notifications until the phone is unlocked.
- Always sign out of important accounts after using them in public places.
- Beware of free public wifi networks.
- Disable Siri from the lockscreen by switching off “Access When Locked”
- Be wary of leaving laptops in hotel rooms where they could be tampered with in your absence.
International Travel
If you’re going to be traveling internationally, remember to take extra steps to protect your contacts and any other sensitive information. It’s alarmingly easy for border agents to confiscate and search your things, and you don’t have much recourse if they decide to do so. If you’re already inside the United States, they need a warrant, but at the border, your rights are significantly curtailed in this respect. They don’t even need cause, and there have been cases where people have been denied entry for refusing to hand over their passwords. American citizens can’t be deported for refusing to do so; if you stand firm but calm, you may be detained and the devices tampered with, but you should eventually get home.
U.S. border agents stopped journalist from entry and took his phones
“During the interrogation, CBP officers requested Ou unlock his mobile phones so they could search them, he said. After he refused — explaining that he had an ethical obligation to protect his reporting sources — the agents took the devices away, he said.
When the phones were returned hours later, it was clear that someone had tampered with the SIM cards and potentially made copies of data on the devices, he said. Because the phones were encrypted, Ou is not sure how much — if any — information they were able to access.”
WSJ reporter and US citizen Maria Abi-Bahib wrote a Facebook post about a similar experience.
Another customs agent joined her at that point and they grilled me for an hour – asking me about the years I lived in the US, when I moved to Beirut and why, who lives at my in-laws’ house in LA and numbers for the groom and bride whose wedding I was attending. I answered jovially, because I’ve had enough high-level security experiences to know that being annoyed or hostile will work against you.
But then she asked me for my two cellphones. I asked her what she wanted from them.
“We want to collect information” she said, refusing to specify what kind.
And that is where I drew the line — I told her I had First Amendment rights as a journalist she couldn’t violate and I was protected under. I explained I had to protect my sources of information.
“Did you just admit you collect information for foreign governments?” she asked, her tone turning hostile.
“No, that’s exactly not what I just said,” I replied, explaining again why I would not hand over my phones.
She handed me a DHS document, a photo of which I’ve attached. It basically says the US government has the right to seize my phones and my rights as a US citizen (or citizen of the world) go out the window. This law applies at any point of entry into the US, whether naval, air or land and extends for 100 miles into the US from the border or formal points of entry. So, all of NY city for instance. If they forgot to ask you at JFK airport for your phones, but you’re having a drink in Manhattan the next day, you technically fall under this authority. And because they are acting under the pretense to protect the US from terrorism, you have to give it up.
So I called their bluff.
“You’ll have to call The Wall Street Journal’s lawyers, as those phones are the property of WSJ,” I told her, calmly.
She accused me of hindering the investigation – a dangerous accusation as at that point, they can use force. I put my hands up and said I’d done nothing but be cooperative, but when it comes to my phones, she would have to call WSJ’s lawyers.
She said she had to speak to her supervisor about my lack of cooperation and would return. I was left with the second DHS officer who’d been there since we left the baggage claim area.
The female officer returned 30 minutes later and said I was free to go.
- If you have extremely sensitive information on your laptop or phone and there is a fair chance that you’ll be stopped at the airport because of your recent travel destinations, consider scrubbing it of those contacts, traveling with a separate phone entirely, or sending it to yourself by courier.
- Encrypt your hard drive.
- Switch off your devices before you go through immigration. “Hard drive encryption tools only offer full protection when a computer is fully powered down. If you use TouchID, your iPhone is safest when it’s turned off, too, since it requires a PIN rather than a fingerprint when first booted, resolving any ambiguity about whether border officials can compel you to unlock the device with a finger instead of a PIN—a real concern given that green card holders are required to offer their fingerprints with every border crossing.” –Wired
Email
- Use PGP Email Encryption. (PGP literally stands for “Pretty Good Privacy.”)
Basically, it “scrambles your email until it is downloaded and decrypted with a personal key, so that even if someone spies on the content of your Gmail account or whatever they won’t be able to read your email.”
In a detail that will become journalism school legend forever, probably, Guardian columnist Glenn Greenwald says he almost missed out on NSA stories because he didn’t have the time to set up PGP. Snowden anonymously sent Greenwald a bunch of emails, and even a step-by-step guide to setting it up, but Greenwald put it off.
“It’s really annoying and complicated, the encryption software,” he told the Times. “He kept harassing me, but at some point he just got frustrated, so he went to Laura.”
– All Journalists Should Use This Annoying Technology, Gawker
Other Resources
IJNet list of digital security resources
What To Do If Your Phone Is Seized By Police
Electronic Frontier Foundation: Surveillance Self-Defense
Next Week:
Workshopping rough drafts
AND
Email encryption tutorial
