• ADVERTISEMENT

    TSA Policy Change Increases Tech Security Burden For Traveling Journalists

    by Geoffrey King
    July 15, 2014
    Recently the U.S. Transportation Security Administration announced a new policy requiring that travelers to the United States turn on their devices at the request of airport security personnel. Photo by Trey Ratcliff on Flickr and used here with Creative Commons license.

    Earlier this month, the U.S. Transportation Security Administration announced a new policy requiring that travelers to the United States turn on their devices at the request of airport security personnel.

    Devices that cannot be powered on will be barred from the aircraft, and passengers in possession of such devices may also be subjected to additional screening. While a number of commenters have lamented the policy change on the grounds that it is likely to cause confusion and otherwise inconvenience passengers, the move could also aggravate the risks journalists already face when traveling with sensitive materials such as notes, unpublished photographs or information about sources.

    "Journalists should utilize full disk encryption, enable a firmware password for any laptop and fully shut down all devices prior to entering security to ensure that encryption keys cannot be pulled easily from RAM."

    Reuters reported on July 4 that the new TSA policy was prompted by fears among some U.S. government officials that Al-Qaeda-affiliated militant groups may seek to build bombs into electronic devices. The policy does not grant airport screeners the broad authority to search electronic devices frequently exercised by U.S. Customs and Border Protection, a practice under challenge by civil rights groups and that has reportedly been used against journalists.

    ADVERTISEMENT

    “Journalists should know that their items aren’t going to be searched” under the new policy, a Department of Homeland Security official, who declined to be identified due to the sensitivity of the issue, told CPJ. “Their items aren’t going to be taken from them.” TSA’s interest, the official said, is in whether devices turn on at all.

    Questions remain, so it’s best to take precautions

    Journalists should prepare for going through airport security by using encryption. Photo by Leyla.a on Flickr and used here with Creative Commons license.

    Journalists should prepare for going through airport security by using encryption. Photo by Leyla.a on Flickr and used here with Creative Commons license.

    Because the TSA does not have screening operations outside the U.S., enforcement of the new policy falls to a variety of public and private actors across a range of countries. As such, it is unclear how the mandate will be implemented. It is also unclear just what counts as a “device”: although smartphones and laptops are obvious examples, cameras and video equipment are also possible targets for inspection, as are hard drives, USB drives and other storage media that lack an LCD screen or other means of showing that they are “on.”

    ADVERTISEMENT

    Given this uncertainty, journalists should think about how to protect their work long before heading to the airport. CPJ’s Journalist Security Guide provides good guidance on information-security best practices. Specifically, journalists should utilize full disk encryption, enable a firmware password for any laptop and fully shut down all devices prior to entering security to ensure that encryption keys cannot be pulled easily from RAM. Securely wiping all non-laptop mobile devices — which can easily be restored from a copy kept on an encrypted laptop once airborne, then re-wiped prior to landing — may also be prudent.

    As the U.S. Supreme Court put it in a landmark case on cell phone privacy just two weeks ago, officials “may examine the phone’s physical aspects to ensure that it will not be used as a weapon, but the data on the phone can endanger no one.” While TSA seems to be taking this admonition into account, at the end of the day it is up to journalists to protect themselves — and their sources.

    Geoffrey King coordinates the Committee to Protect Journalists’ Internet and technology policy efforts. King, who is based in San Francisco, protects the rights of journalists through advocacy, public education, and engagement with policymakers worldwide. Prior to joining CPJ, King, an attorney by training, represented U.S.-based individuals in constitutional matters involving the freedoms of speech, press, and petition. King is also a documentary photographer whose work has focused on human rights and social movements. In addition to his work as an advocate and journalist, King teaches courses at UC Berkeley on digital privacy law and policy, as well as the intersection of media and social change. King holds a bachelor’s degree in Mass Communications, Phi Beta Kappa and with Highest Distinction, from UC Berkeley. He earned his law degree from Stanford Law School. His public GPG encryption key can be found here. Follow him on Twitter @CPJInternet.

    cpj logoA version of this post originally appeared on CPJ’s Internet Channel. The Committee to Protect Journalists is a New York-based, independent, non-profit organization that works to safeguard press freedom worldwide. You can learn more at CPJ.org or follow the CPJ on Twitter @pressfreedom or on Facebook here.

    Tagged: data privacy encryption government oversight mobile devices online privacy united states

    Comments are closed.

  • ADVERTISEMENT
  • ADVERTISEMENT
  • Who We Are

    MediaShift is the premier destination for insight and analysis at the intersection of media and technology. The MediaShift network includes MediaShift, EducationShift, MetricShift and Idea Lab, as well as workshops and weekend hackathons, email newsletters, a weekly podcast and a series of DigitalEd online trainings.

    About MediaShift »
    Contact us »
    Sponsor MediaShift »
    MediaShift Newsletters »

    Follow us on Social Media

    @MediaShiftorg
    @Mediatwit
    @MediaShiftPod
    Facebook.com/MediaShift