That word—paranoia—points to a tricky challenge for those who train new journalists. Susan McGregor, who teaches at The Tow Center for Digital Journalism at the Graduate School of Journalism at Columbia University and who has herself written for CJR about what journalists can take away from this year’s most pressing legal and technical challenges, stresses the importance of keeping perspective. The more you become aware of the potential risks out there, “it can get in your head…it can be damaging,” McGregor says. “We have to make sure we’re handling these issues in a way that does not expose ourselves and our sources unduly, but that also does not prevent us from doing the work.”
Balance is vital. The simple, cover-your-butt steps might give students a false sense of security, while the more onerous steps may make them want to give up completely. (Searching the Web through Tor is slow, and anonymous chat and email can be far more clunky and confusing than their less-secure counterparts.) Too often, McGregor says, people who are new to this stuff will go to a training session, install a bunch of software, and then never use any of it because it all seems so complicated and slow. That’s why understanding when to employ these tools is just as important as how to use them. After all, digital security isn’t like learning any new tool: it’s not a video camera, it’s not Flash. It’s a way of thinking: about how to evaluate the risks at hand, and how to address them in the most efficient way. And for that, McGregor says, “You need to give people a conceptual model, a mental map.”
To that end, The Tow Center is holding a three-day workshop next weekend that McGregor says will discuss and explore “threat modeling” in a holistic way, in addition to merely training attendees on technical tools. The workshop also has the aim of connecting the non-technical journalism community to the non-journalistic technical community. The hope is that the people who could potentially develop tools to help journalists stay secure can start to really understand what the needs are.
As for the question, Does everyone have to learn this stuff? McGregor says, absolutely. Journalists have a collective responsibility; it’s as important as closing and locking the door behind you when you walk into your apartment building. “You may not be covering the NSA, but a colleague of yours might,” says McGregor. “Unless you’re working really on your own, you have a responsibility to protect the person who is vulnerable or may be targeted within your organization by being responsible yourself. If you are not being responsible, you are exposing the people you work with, potentially.”
Finally, here’s one last thought to help motivate students to learn about digital security, cumbersome as it can sometimes be: It’s one more skill to add to a resume. During a panel discussion on encryption basics one evening last month at Columbia, McGregor threw in this enticing aside: “I’m guessing that if you want to work for Glenn Greenwald’s new $250 million news outlet, probably knowing this stuff is going to be valuable.”