Journalists are perhaps second only to human-rights activists in the need for digital security practices in their work. Yet while journalists operating in repressive regimes have for decades known all too intimately the perils of loose communication practices, many of these understandings have only recently started to become clear for journalists in the U.S.
For American journalists, the work of Edward Snowden and Glenn Greenwald should arguably have had a two-fold impact on their digital security practice. The first stems from the awareness that many of the communication channels we use regularly when working with sources are not really protected from government surveillance, either legally or technically. The second comes from the appreciation that from here on out, understanding digital security may be a prerequisite for getting access to the really big stories.
Yet actually doing the work of providing digital security training to journalists is not so easily done. Complicating an already complex topic is the fact that most journalists don’t really know what they need, an issue exacerbated by the range of roles and activities that our profession contains. What’s needed by a freelancer overseas may be very different from what’s needed by a police reporter in a small Midwestern newsroom. And while the scoops may be real, their potential value is hard to quantify against the cost of security training, equipment and support.
There is also the challenge of widespread cultural assumptions — not reserved to journalism — about the teachability of technical topics like digital security. As a former newsroom developer and current professor at Columbia Journalism School, I am familiar with may of the common complaints: It’s too complicated, it changes too fast, it’s irrelevant to most people anyway. Yet these challenges reflect failures of perspective, not possibility. After three years of professional teaching (and a few more at it informally) I have found that with the following in mind, it’s more than possible to teach technical topics to a (largely) non-technical audience. In fact, you may even find that you spark some new affinities for the material.
Context is key
The importance of providing context in education is hardly reserved for journalism or technical material. Using realistic examples and embedding new concepts in relevant tasks make them easier understand, retain and transfer to real-world situations. Offering context when discussing digital security can be as simple as using hypothetical but plausible scenarios, such as those involving police sources or school teachers. While most of us are not NSA reporters, journalists deal on a daily basis with sources who have something important to lose — often their job or their reputation — if their role in our work is discovered. As the use of legal and technical means to obtain digital communications comes to local jurisdictions, these scenarios only gain relevance. Including the real-world challenges of dealing with sources, deadlines and other limitations helps provide learners with the understandings they need to actually integrate what they learn into their day-to-day work.
Technologies change, concepts do not
The mechanism by which email operates has not fundamentally changed in 40 years; similarly, the canonical methods of encryption key generation and exchange were first described in the 1970s and are still in widespread use today. Though the specific technologies and software applications that support digital security will inevitably change, a focus on underlying principles gives journalists the tools to both evaluate new tools and use existing ones properly. By targeting an understanding of the mechanisms by which digital information is made vulnerable and the general approaches available to secure it, we can equip journalists with the understandings they need to evaluate new solutions and changing circumstances, both now and in the future.
What we need is literacy, and then access expertise
Most journalists’ work will never be the target of a libel case, yet few practicing journalists are libel experts. While news organizations may provide some basic training on these issues, the most important support they provide is a framework for flagging potential issues and channeling them to experts for further review.
In many cases, digital security can be considered in the same light as libel: What we need is for all journalists to have an understanding of digital security risks that is sufficient for them to know when they need to seek help. If supported by adequate institutional and/or industry expertise, this can greatly improve security practices amongst journalists in general, without the unrealistic requirement requiring that every working journalist become a technical expert.
Journalists are professional learners
I remember how impressed I was at seeing my colleagues at the Wall Street Journal take command of a new beat in only a few weeks, moving from topics like travel to personal finance with apparent ease. The work of journalists consists precisely of acquiring new information, making connections and building understandings about topics that are new to them, and anyone seeking to teach journalists should not underestimate these skills. This is not to say that smartly organized materials and supporting examples are not important. It is, however, a reminder that any reporter who can understand campaign finance or judicial proceedings or school board politics is capable of understanding what constitutes metadata and who might have access to it when they send an email or make a phone call. Oversimplifying or ignoring the concepts of digital security and focusing on rote tool use will fail to improve security practice amongst journalists both because relying on a specific tools is too brittle an approach to real-world security, and because it will fail to engage journalists’ analytic minds. That journalists make a living of understanding something today that they didn’t yesterday is a boon to anyone who would educate them. Use it.
Susan McGregor (@SusanEMcG) is an Assistant Professor & Assistant Director at the Tow Center for Digital Journalism. Previously, she was the Senior Programmer on the News Graphics team at the Wall Street Journal online, where she was named a 2010 Gerald Loeb Award winner for her work on the the Journal’s “What They Know” series. In 2012 she received a Magic Grant from the Brown Institute for Media Innovation for her work on Dispatch, a mobile app for secure source communication, and in 2013 she was awarded a Knight Prototype grant to develop DataDocs, an platform for creating interactive, evergreen web videos. She holds a master’s degree in Educational Communication and Technology from NYU and a bachelor’s degree in Interactive Information Design from Harvard University.
JournSec is a column aimed at helping journalists better under the security, privacy and anonymity challenges they currently face, and steps they can take to protect themselves. It brings together leading voices from the community behind open-source technologies that circumvent censorship and surveillance. The column is managed by OpenITP‘s Outreach Manager Sandra Ordonez. For more information, follow @OpenITP To become more involved, contact sandraordonez AT OpenITP DOT org