“Just because you’re paranoid doesn’t mean they aren’t after you” – Joseph Heller in Catch-22
With the Justice Department going after both the AP and Fox News, it’s become apparent that journalists now need to take more drastic steps to protect their sources from politically motivated government officials. With that in mind, here are steps every journalist, blogger and their sources must take to enforce their first amendment rights.
- Recognize you are a candidate for surveillance: Every journalist must now recognize that they may be under surveillance. Their phones may be tapped, their emails read, and their cars followed. Recognizing that your communications may be tapped and that you are now a target will completely change the way you handle your sources and your investigative methods.
- Stop using email: Email is an inherently insecure medium. No Gmail “dropboxes” (Ahem, David Petraeus, we’re looking at you), no alias emails. Nada. This includes so called secured services like “Hushmail”, who have already rolled over for the Canadian and US governments several times. If you use email, then you must use PGP. But unless you are a technology journalist, the learning curve of PGP is probably too high for both you and your sources.
- Start using encryption: Good encryption is an absolute must. Start by locking down every computer you touch with TrueCrypt or Windows BitLocker. Yes, it’s a pain in the ass, but it will protect you from both legal and illegal searches – courts have ruled that your password is protected under the 5th amendment and you don’t have to give it up under questioning.
- Stop Using Smart Phones: While regular cell phones can be still be located via ping, with a smart phone, you can accidentally check in on Four Square while interviewing your source in a parking garage next to his job. If you must use smart phones, then consider the Silent Circle app for both you AND your source.
- Start using prepaid phones: If you really value your source, walk into any electronics store (or WalMart or Costco, for that matter) and buy 5-10 prepaid phones. Activate them with a prepaid debit card paid for with cash, and then have your source move through them on a preset schedule. After each phone is done being used, make sure it is incinerated or properly destroyed to a pulp.
- Start using Tor: Tor is a distributed network that provides an enhanced level of online anonymity. It is far from perfect, as some exit nodes are claimed to be operated by government agencies. That being said, a little bit of anonymity can go a long way.
- Start using old school methods: If your source has important information they want to transfer to you, go back to the old thumb drive. Make sure your source encrypts the drive with TrueCrypt first with a prearranged password, and then have him leave it at a preset dead drop. If you are ex-three letter agency you could probably pull of a brush pass too. Another alternative would be to have the drive sent to your lawyer’s office. Try to avoid using a Post Box or UPS box with your real name, please.
- Don’t Use the cloud: As a corollary to using encryption, make sure that anywhere you store files is also encrypted. That means no Google Drive, no DropBox (unless used with truecrypt). You can probably use services like SpiderOak or CrashPlan (only if you enable the extra encryption, though).
- Don’t use instant messaging, Facebook, google chat: While there are a few secure messaging programs out there, we suggest that all communications with a source be done either face to face and via encrypted files. Minimal communications (such as setting up meetings) should be done via either prepaid phones or encrypted phone apps.
Real journalism will often bring down the ire of those being criticized. With a modicum of thought and a little bit of effort, you will be able to keep you and your sources at a minimum of risk while doing your reading public a huge service.
Now that you’ve read our suggestions: What do you use to stay secure both online and off? How do you protect your sources now?