Geanne Rosenberg, a professor at CUNY’s Baruch College and Graduate School of Journalism, is part of a project with the Carnegie Corporation that’s looking into best practices for educating students and faculty about reducing legal risk, particularly since journalism schools are increasingly filling a role as news providers. She said media law experts and journalism educators met in April at the Poynter Institute, and security issues were discussed, but Rosenberg says they will revisit the topic at the task force’s second meeting this February. As far as the classes she teaches, Rosenberg lectures “in general terms about the fact that all this information could be subject to interception or subpoena risk,” but doesn’t get into the nitty gritty details about specific technological ways to protect from that, though she thinks it’s something “journalism schools should consider ramping up.” Rosenberg is planning an event for this August’s Association for Education in Journalism and Mass Communication (AEJMC) conference in Chicago, and says the topic of teaching cyber-security “is a good one to raise there for an audience of journalism educators.”
Linda Steiner, president of the AEJMC, says that while she’s not aware of any “formal evidence that this is major gap in journalism programs,” if it were to become more apparent, she would take it to the organization to suggest journalism schools start teaching this “in greater detail across the curriculum.”
Adam Penenberg, a journalism professor at NYU, wrote in an e-mailed response that he “doesn’t understand why anyone expects journalism schools to teach comsec. We also don’t teach students how to line up ‘fixers’ in a war-ravaged nation or go undercover with hidden camera. Only a fraction of students will ever need those skills.”
He goes on to write that he “doubts many students would enroll in a class on communication security. I think it is a question better put to news organizations what is The NY Times, WSJ, Time, Bloomberg, etc. doing on this front? Because they are the ones that assume the risk.”
It’s a question I tried to answer with this piece. The Los Angeles Times declined an interview request, but did say it has “ systems in place to safeguard its journalists’ communications,” but for “obvious reasons, we are not at liberty to disclose detailed information about those protections.”
The New York Times responded similarly, saying that as “a matter of policy we do not discuss these types of security issues publicly,” but the “goal is obviously to have as secure communications as possible between our journalists and their sources and the policy of not discussing details of how we accomplish that is consistent with this goal.”
Soghoian says the piece he wrote for The New York Times was “heavily edited” and that many of his criticisms of the Times were removed. In his op-ed, he’s also critical of The Wall Street Journal’s Safehouse, a WikiLeaks style whistleblower platform set up this past May, which he said had technical flaws and a terms of service that allowed the paper to a reveal a confidential source to law enforcement or a third party. The Electronic Frontier Foundation criticized Safehouse along with Al Jazeera’s Transparency unit, also a leaking platform, for similar problems. (More on whistleblower portals here.) But in an interview, Soghoian praised The Wall Street Journal, saying its operational security is “pretty impressive at this point,” and said that Al Jazeera is “probably the best there is as an organization.” Both organizations would not comment on what types of protections they have in place.
Soghoian says WikiLeaks has been an influencing force. “Every news organization I’ve spoken with that’s dealt with WikiLeaks, as a result of working with them, has learned how to communicate securely, because WikiLeaks will only communicate over secure means,” says Soghoian. When WikiLeaks released the “Spy Files” in December, a cache of documents from the surveillance industry, Soghoian says the news organizations who were in contact with WikiLeaks in the course of reporting on the leak were forced to learn how to use encrypted text messaging because “that’s what WikiLeaks insisted on.”