Lowell Bergman, who teaches at the Berkeley Graduate School of Journalism, says he takes care to teach his students practical advice about their communications. For the type of monitoring that wouldn’t necessarily require a courtroom, he advises students to use caution. “I tell them, ‘Don’t e-mail anything you wouldn’t want on the front page, or quoted back to you in litigation,’” amongst other warnings, like the potential of phone records to be used in identifying confidential sources. But he says he has not heard of anyone in the school going into great detail about tools or other specific work-arounds to help protect the electronic communications in the first place. Having some introduction to these issues is important, he agrees, although “it militates the actual priorities people have when they come to journalism school, like how to make a documentary, learn Flash, how to make a website, or how to do a long form article.”
Soghoian is irked by the fact that most journalism programs offer a plethora of courses in video, audio, and social media, while not training students in what he sees as a basic foundational knowledge of how to protect the information they’re gathering, “It’s not like journalists are so ignorant they cannot be taught about technology,” says Soghoian. “This is just another skill they have to be taught. [Journalism schools] are going to need to rethink their curriculum. They’re going to need to have a course that every student is required to take.”
While Charles Seife, a professor at the Arthur L. Carter Journalism Institute at New York University, agrees with Soghoian’s overall point about that “many of us are lax when it comes to securing our telecommunications against snooping,” he felt that the op-ed was “devoid of nuance” because “security always involves tradeoffs and compromises.”
“The more safeguards you put on a system, the more of a pain in the butt the system is to use - and the more likely it is that people will try to undermine those safeguards or disable them entirely,” Seife wrote in a recent e-mail. He’s used encryption in his own reporting, but wrote that he’d never done so out of necessity, and wouldn’t trust that doing so would hide his actions sufficiently anyway. He also points to the fact that encryption can be counterproductive; it shows anyone watching that somebody is trying to conceal the contents of their message.
Seife thinks it’s better to assume insecurity and “behave accordingly”; the concept of vulnerability is the real lesson. “No, we don’t teach students about how to use Tor or proxy servers or PGP,” writes Seife, which are among the recommendations Soghoian makes, along with other digital-privacy advocacy groups, like the Electronic Frontier Foundation (more on that here). He shows his students how to gather bits of electronic data from “IP addresses in emails, from hidden metadata in documents, from the source code of HTML.” By showing “how to exploit those information sources,” the students learn what they could be revealing in the course of their own electronic communications.
Jane Kirtley, the Silha Professor of Media Ethics and Law at the University of Minnesota’s School of Journalism and Mass Communication, has a similar philosophy. She tells her students to drop the expectation that their communications are secure, and then go from there, advising them to do their best to have “face to face communication. It seems ironic to go back to something so old fashioned, but it’s the only way you can insure the security of the communication.” She regrets that the journalism community has not yet become fully aware of the issue. “What I keep finding, anecdotally, is that people who are teaching the reporting courses are not fully aware of the consequences of this.”