Almost everyone at The CATO Institute’s conference—“NSA Surveillance: What We Know; What to Do About It”—on Wednesday agreed that government surveillance has an alarmingly wide scope, and that the latest revelations by Edward Snowden have had a big impact on public opinion surrounding privacy issues. Participants in a journalism panel there all said that they were pleasantly surprised by the level and quality of public discussion that their work on the Snowden documents had kicked off.
Though his leak made the stories possible, the daylong conference featured little discussion of the government’s crackdown on whistleblowing—Snowden is currently on the lam. Instead, most focus was on dissecting the actual contents of the information deluge, as participating politicos, journos, lawyers, and techies argued about what the surveillance revelations may mean for the future of the industry.
But toward the end of the press panel—after New York Times reporter Charlie Savage’s valiant effort to put the NSA scoops into manageable categories—participants were finally asked about what the NSA revelations meant for how they do their jobs cultivating sources with sensitive information. Julian Sanchez, the CATO research fellow moderating the panel, pointed out that the Obama administration has charged more people under the 1917 Espionage Act than all of the previous administrations combined, and mentioned the Department of Justice’s collection of telephone metadata from the Associated Press. So, Sanchez asked the reporters sitting around him, how has their ability to communicate with sources changed over the past few months or years?
The consensus answer: To do their job well going forward, reporters need to be educated about how to use encryption and anonymity on the internet.
“We are now seeing the overwhelming ease with which journalists can be treated as, in the NSA sense of the word, targets,” said Spencer Ackerman, the US national security editor of The Guardian. “The intelligence community seems to want to shrug and say that, if you don’t want your information to be viewable, then you wouldn’t be communicating online or over the phone, he added. “And that seems to be a rather exotic explanation of how we live in the 21st century.”
Ackerman added that what he has learned from the Snowden scoops over the past few months has made him internalize how much of a “digital footprint” journalists (and everyone, really) leave on a day-to-day basis. In general, given the extremely sensitive and delicate nature of so much investigative reporting, said Ackerman, he doesn’t believe that many journalists in the industry have “come to terms with the full implications of how much information we just leave in the ether that we just assume is protected.”
But Wall Street Journal intelligence correspondent Siobhan Gorman didn’t seem overly impressed. “I actually don’t know how much these revelations have really affected communications with sources,” she said. “I think that people who have been following this stuff on and off over time have taken precautions for a while.”
A question from the audience, from ACLU technologist (and encryption evangelist) Christopher Soghoian, extended the conversation further. “Some of you have been using encryption for years, and some of you are more recent arrivals to the crypto club, even though you’ve been covering national security for decades,” said Soghoian. He asked the panelists how their views specifically about encryption have changed in the last six months, and how they felt they and their colleagues were equipped to handle the surveillance challenges that they were likely facing.
(Later in the day, when Soghoian sat on his own panel, he also criticized news organizations—the Guardian and the Washington Post were implied—for redacting too many specific details when they published the NSA slides, details of vital importance to people in the computer security industry such as “the names of the algorithms that NSA has broken or subverted, the names of the companies that NSA has colluded with to subvert the security of their products and to sabotage their products.”)
Barton Gellman, a national security reporter at The Washington Post who has been the lead author of several Snowden-NSA articles in the past few months, answered Soghoian’s question first. Gellman said that he considered himself a member of “the tin hat club”; he has been encrypting his own notes for about a decade and has been capable for quite some time of communicating with sources through encrypted methods if necessary.
But, he added, encryption isn’t a panacea. First of all, encrypted communication, because it is still relatively rare, can actually draw attention to users and make them surveillance targets. Secondly, anonymity tools are just as important as encryption, if not more important, in order to protect the identity of sources. Still, not many people tend to take advantage of both—even though they should.