In the wake of the Arab Spring, the UK riots, and Occupy Wall Street, when the same digital tools that were enabling journalists to share information and organize in unprecedented ways–through Twitter, Facebook, mobile phones–had also enabled the authorities to surveil and target their efforts, journalist Susan McGregor understood that metadata was the biggest security risk to her colleagues and their sources. With a grant from the Brown Institute, she started building a mobile app called Dispatch that allowed for secure, authenticated, and anonymous communication and publishing.
But it wasn’t until McGregor attended the Privacy Enhancing Technology Symposium (PETS)* in 2014 that she recognized a major underlying threat–one that potentially stood in the way to solving the problem of secure communications for journalists and their sources. It wasn’t just that many of her colleagues weren’t versed in the technical issues around privacy, but also that the people building security tools didn’t know enough about how journalists worked, or what they valued, to design what they needed.
To bridge this gap for tech people, McGregor teamed up with Franziska Roesner, a professor of computer security at the University of Washington who has a special interest in building security tools, and who was also at the conference. Together they interviewed 15 journalists from the US and France about their workflow and computer security habits. They presented the results on Thursday at the USENIX security conference in Washington DC, to a good deal of excitement. Despite the small sample size, and the fact that the findings won’t surprise many journalists, the effort is seen as a step towards bridging two communities that haven’t historically overlapped. And by laying out some of the basic habits and priorities of journalism, it offers a roadmap to building better, more intuitive security tools for journalists.
Often the reason the tools we build don’t get used by as many people as we’d like is that we didn’t build them with a deep understanding of the journalistic process.
“I was surprised by how little I know about what journalists did,” Roesner says. “For instance–and in retrospect this seems obvious, especially to journalists–I didn’t realize how seriously journalists take their duty to protect their sources. Often the reason the tools we build don’t get used by as many people as we’d like is that we didn’t build them with a deep understanding of the journalistic process.”
SecureDrop, an open source whistleblower system that enables news organizations to accept secure documents from anonymous sources, was one example. Both McGregor and Roesner think it’s one of the better tools out there. But because SecureDrop assumes journalists get stories by way of anonymous sources who drop off sensitive documents, it doesn’t account for a fundamental tenant of the journalistic process–namely, the reporter-source relationship, which is cultivated over time, and often over the phone. And while there are ways to encrypt a cell phone conversation, McGregor and Roesner found that journalists won’t use them if they interfere with a source. “What happens when a journalist is in the middle of a conversation and all of a sudden your source starts feeling more comfortable and decides to share an anecdote?” McGregor asks. “You can’t put them on hold and say, Wait a minute while I encrypt this conversation. Even if you don’t freak them out, the flow of the moment is lost.”
One goal, then, is to design a tool that’s nimble enough to protect the ebb and flow of an evolving reporter-source relationship. But the ultimate goal, McGregor says, is to have secure communication channels and practices be the default in journalism, regardless of whether a reporter is involved in a major investigation or tracking down everyday press quotes.
Language was another gap that emerged.
“When journalists talk about an anonymous source, they’re talking about someone whose identity they know, but whose name they don’t publish,” McGregor says. “Whereas when tech people talk about an anonymous source, they’re talking about someone whose physical identity is unknown. So in the technical sense of the word, almost no journalism actually comes from anonymous sources.”
Roesner was especially inspired when she learned the lengths to which some journalists go to confirm the identity of a source–for example, sending a source a sentence over an encrypted channel and asking them to then post that sentence to Twitter to verify that the source holds both accounts. She hopes that knowing about such ad-hoc approaches may lead to new innovations in security.
On Twitter, computer security specialists were hopeful, too:
Tech people who want to build security tools to protect journalists need to read this first. https://t.co/X2shHOocMI
— matt blaze (@mattblaze) August 13, 2015
A week after new documents released by Edward Snowden show how AT&T helped the US spy on the internet, the study, and the issues it raises around better security practices and governance, have implications well beyond the press. “Journalists have no special protections or exemptions, so in that sense, we have a mandate as a profession to deal with this stuff, but this is everybody. We’re all on our email and phones.”
*Correction: This article originally stated that McGregor attended the Journalism After Snowden conference in 2014; it was actually the Privacy Enhancing Technology Symposium.