Escolar Documentos
Profissional Documentos
Cultura Documentos
FOR JOURNALISTS
Jonathan Stray
Kiplinger Fellowship 2017
Columbus, Ohio
PRACTICAL DIGITAL SECURITY
FOR JOURNALISTS*
Security reduces risk for ourselves, our sources, and our organization.
Gawker
from Dec 2010 breach
Two-Factor Authentication
Something you know, plus something you have
Passwords
Dont use a common password. Avoid dictionary words
Really
Legal
Lawsuits, subpoenas, arrests and detention
Social
Phishing, social engineering, exploiting trust
Physical
Theft, installation of malware, intimidation and violence
What Are You Risking?
Security is never free. It costs time, money, and convenience
And requested by
law enforcement.
Pictured: Facebook
requests, Q1-Q2 2015
Slack (etc.) lives forever and killed Gawker
Secure Communication
Text messages
Standard text messages (SMS) are incredibly insecure.
Android (pictured),
iPhone, Desktop.
Signal vs. Law Enforcement
Email
Email is difficult to secure. Avoid it if you can.
Google Drive, Dropbox, etc. are okay unless someone gets a court
order.
It is much harder.
If they have a gmail address, and you have a gmail address, and
Google is unlikely to cooperate with your adversary, use gmail.
From whatismyip.com
Private browsing mode still connects from same IP
It only affects cookies (saved logins and site tracking codes) and browser history.
Torproject.org
Tor Browser Bundle
IP address in web server logs reveals story in progress
There are tools to remove metadata, but easiest and most reliable: take
a screen shot on your computer (not the sources!)
File metadata
Many phones and cameras store time and location in image files
(EXIF data). There are online tools to check and edit.
Location Privacy
Protecting your location
Social media posts are often geo-tagged.
Phones and cameras often save GPS coordinates in the photo file.
Tell-All Telephone (zeit.de)
Geo-tagged posts
Get familiar with your location privacy settings
Crossing Borders
Crossing borders
Prepare to be searched. Encrypt your devices. But realize that you
may have to give up your password.
Best plan is to carry as little data as possible across the border. Try to
send sensitive data home over the network.
US Border crossing guide
Use threat modeling to make a plan for your story. Know what you are
protecting from whom. Integrate digital with physical, legal, operational security.
Know exactly what data is sensitive, how many copies there are, and where.
Resources