“Security is the chief enemy of mortals.” – Shakespeare
As the story of former General and CIA Director David Petraeus has unfolded, we continue to get surprising insights into the digital breadcrumbs that led to his surprise resignation. His downfall was brought about by a growing trail of electronic records held by today’s top commercial service providers few people realize even exists. This is fascinating given his position as the U.S. chief spook, where one would expect he would understand the associated risks of today’s information ecosystem. However, there are serious lessons to be learned for journalists who face the same daily risks about data protection, secure communication, and shielding confidential sources.
In hindsight, we now know Petraeus used monumentally poor technology to cover his tracks. Since he was trying to hide an affair by operating outside the boundaries of the CIA’s institutional security protocols, he had to depend on his own personal security knowledge. The general may be a master tactician and military leader of men and machines, but information security was not his bailiwick. Using a shared email account as the cyber-equivalent of a Cold War-era “dead drop,” may have seemed clever and modern, given that known terrorist groups used the same method. Petraeus and his mistress, Paula Broadwell, likely felt there was security through obscurity.
But in the digital world, it is remarkably poor cover. Every login or access to a digital email account is logged and can be correlated to other accesses, from home broadband to hotel WiFi connections. It’s the searching and correlating of those records that doomed the general and his biographer.
Kurt Opsahl of the Electronic Frontier Foundation told the Wall Street Journal: “If the director of central intelligence isn’t able to successfully keep his emails private, what chance do I have?”
We have the Technology
The fact is the tools and practices do exist to greatly increase the chances, if one takes the time to understand the risks and the remedies.
Journalists operating in risky theaters or striving to be vigilant about their data have to learn a lot about this increasingly complex ecosystem. As more things move to “the cloud,” we have less physical control over our data and even less understanding of the security risks.
Core to the problem is that digital data remains unencrypted and completely accessible to staff and law enforcement on the vast majority of common service providers, such as Google, Yahoo and Microsoft. This is the tradeoff we have for the use of these “free” services. They are free to use, but it means these companies are also free to index, search and profile your email and data for marketing info. It also means it’s easily searched and accessed by law enforcement.
In a post-9/11 world, the threshold is significantly lower for law enforcement to subpoena information from online providers, without a judge’s approval. Logs of access are detailed and kept for months. Depending on the service provider, even deleted or half-finished work can persist in searchable form.
Unless one is vigilant, leakage is rampant, revealing information about identity, location, recipients and devices. For journalists, there are a number of tools that can address these issues. There is no silver bullet here. The same way there is not one single tool that will build a house from scratch, there is a significant toolset conscientious users should be aware of.
For maintaining anonymity, Tor is a popular tool that taps volunteer computers on the Internet to serve as a three-hop proxy for all your web-surfing activity. Through clever encryption techniques and providing a stripped-down, secure version of the Firefox web browser, your surfing activity appears to come from another computer on the Internet which cannot be traced back to you. Because your web traffic is obfuscated through multiple hops, it is considerably slower than conventional browsing. Therefore, it’s only recommended for occasional use from hostile network environments or for bypassing content filtering restrictions.
For journalists keeping documents and contact information from prying eyes, there are many excellent choices for scrambling data. Mac users already have some tools shipped with the operating system. Apple’s MacOS sports the FileVault 2 system for allowing for full-disk encryption of a Mac hard drive, which disallows all access without first entering a password. The Mac has some other interesting options for creating smaller repositories of encrypted data. The standard “Disk Utility” program can create a secure “volume” that contains strongly encrypted information in it, and acts like a removable drive.
For Windows or Mac users, the excellent free open-source TrueCrypt can scramble an entire hard drive, a portion of a disk, or just one file. TrueCrypt can also be used in combination with a removable USB drive, which provides additional physical security on the go. For most of these encryption technologies, the AES-256 standard is the most widely used, and provides adequate security for the near future.
When it comes to email or individual snippets of transmitted data, public key cryptography allows users to encrypt messages with one key, and the recipient to decrypt with another. This allows for very sophisticated scenarios that provide military-grade encryption through the use of the commercial PGP system (from Symantec) or the open-source GnuPG alternative available for most every computer system (GnuPG.org; GPGTools for MacOS X; GPG4win for Windows). Unfortunately, the great security provided by public key cryptography also makes it complex to use. PGP/GPG has been around for decades, but has not gained popularity since most users don’t perceive the need for extra security and want convenient email access. One webmail provider, Hushmail, supports the PGP system and allows you to access your encrypted mail through a web browser.
To be completely safe, however, users should use a mail server and client that runs using the IMAP or POP3 mail protocol, and read messages locally on their own computer.
There also may be a reason to stick with your BlackBerry — its enterprise systems have end-to-end encryption that is very secure, even if parent company RIM has seen its fortunes fall to Apple and Samsung in recent years.
There is another risk that needs accounting for — securing the communications channel from a user’s device to remote servers holding important information. More and more, Internet services are providing this themselves. Gmail is one of the few free email services that allows users to encrypt all communication over the secure HTTPS protocol (though the email messages themselves are still in the clear when stored on its server). This prevents snooper and interlopers from watching your email traffic, especially important when using open WiFi access points at Starbucks or McDonald’s. Facebook just recently announced it would secure all connections with HTTPS, starting with North American users.
Not all sites support HTTPS for user content, so an easy way to secure the channel from your device while using WiFi is through the use of a virtual private network (VPN). Many corporations and news organizations already run VPN access for employees, but private citizens can also tap into private VPNs through providers like WiTopia.
It’s important to note the distinction between a VPN and secure web browsing like Tor. A VPN will encrypt all network traffic into and out of your computer. Tor, on the other hand, is only for web traffic coming from its special browser.
Mobiles and tablets
Increasingly, users are demanding secure communications from their mobile devices and tablets. There are some interesting solutions for secure mobile multimedia messaging.
In a nod to the “Mission Impossible” TV series, a number of apps are touting encrypted end-to-end messaging with self-destructing data. Silent Circle is the brainchild of legendary PGP creator Phil Zimmerman, and allows any two mobiles (with iOS or Android) to communicate securely using text, photos or video ($20 per month subscription).
Wickr’s motto is “Leave No Trace,” and the free iOS app supports text, picture, audio or video messages, with a built-in self-destruct timer. It’s even clever enough to make cheating the system (i.e., trying to take a screen capture of an imminently self-destructing image) difficult.
Digital literacy is complex, and assessing digital security risks is even harder. The rapid progression of devices, operating systems and standards, with more and more services in the cloud, makes it hard to figure out.
So for most users, security is not a big concern — until the one time it is, and it’s too late.
At the very least, journalists should be aware of the tools at their disposal and deploy them in the right amounts as the situations warrant.
> Mobile Security Survival Guide Helps Journalists Understand Wireless Risks by Melissa Ulbricht
> SaferMobile Helps Protect Your Cell Phone Data From Threats by Melissa Ulbricht
Andrew Lih is a new media journalist, and associate professor at the University of Southern California’s Annenberg School of Communication and Journalism where he directs the new media program. He is the author of The Wikipedia Revolution: How a bunch of nobodies created the world’s greatest encyclopedia, (Hyperion 2009, Aurum UK 2009) and is a noted expert on online collaboration and journalism. He is a veteran of AT&T Bell Laboratories and in 1994 created the first online city guide for New York City (www.ny.com). He holds degrees in computer science from Columbia University, where he also helped start the journalism school’s new media program in 1995. His multimedia reporting and photography of China and the 2008 Beijing Summer Olympics has appeared in the Wall Street Journal.