Digital Security For Journalists

The Strategies: Source Protection and Digital Security

Preface: Beware the Buzzwords

Since the Snowden revelations of 2013, a seemingly endless supply of app developers and service providers has emerged onto the online landscape promising “private,” “anonymous,” and/or “secure” communications. Despite the recent SnapChat settlement,[41] however, companies’ use of these terms is unregulated, and the terms themselves are generally poorly defined.[42] Yet in order to meaningfully protect our digital communications, clarifying the nuances of these terms is essential. We began that process in an earlier section, where we showed that the legal concept of privacy is, importantly, limited to, among other things, information that has not been shared in any way with a third party.

“Anonymity,” meanwhile, is a word that is often used as a catchall to describe communications that may, in reality, be anonymous, pseudonymous, or simply unpublished. In journalism, citing “anonymous” sources is usually “a last resort,”[43] but such sources are typically anything but: their physical and/or legal identities are likely well known to the reporters and editors with whom they work. “Pseudonymity,” meanwhile, describes any handle other than our direct physical or legal identity. In this sense, all digital communications are technically pseudonymous, whether or not we generally think of them as such. Pseudonyms may be persistent or one-time use; an email address made up of your legal name is as much a pseudonym as a throwaway Reddit account. As we will see, however, the most important characteristic of an effective pseudonym, for journalists and sources alike, is whether or not it can be linked to its user’s physical or legal identity.

The concept of linkability is crucial precisely because, as discussed above, it is what undermines the practical value of most current shield protections for journalists. Though source protection is often thought of as not “naming” your source, the reality is that the defaults on most email, chat, text, and telephone systems do exactly that with every exchange, through the digital traces these activities leave behind. The metadata records stored by service providers can link journalists to their sources so efficiently that the authorities rarely need to go to the trouble of taking journalists to court.

Though in Risen’s case the government argued that “[n]o other person can [identify] Sterling as the individual who disclosed the national defense information”, Risen’s grand jury subpoena was quashed precisely because many metadata records already linked him to Sterling.

This means that where protecting the identity of a source is truly necessary, it is essential that these communications be unlinkable.

As we will see below, effective use of pseudonyms is an essential component of achieving unlinkability. Yet pseudonyms themselves present something of a conundrum: how can we know who really “owns” a particular digital identity? This fundamental issue is one of the reasons that so many of us have rushed to “claim” the email addresses made up of our legal names on major service providers, and why many organizations follow a simple firstname[dot]lastname[at] pattern when generating email addresses as well. These practices recognize the problems of authentication and verification: determining who “owns” an email address or telephone number.

While we often assume that an email address made up of someone’s legal name belongs to them, in reality we also take steps to verify digital contact information, though often without thinking about it: someone gives us their email address at an event, and we continue the in-person conversation digitally; we call a phone number we’ve been given, and the voice that answers sounds like our friend or colleague; we arrange to meet someone via chat, and the person we expect shows up at the right place and time. In each case, we use some kind of non-digital communication to verify that the person using the email address, telephone number, or chat handle is the same person who provided it to us. In the digital world, this is often described as “out of channel” or “out of band” verification, and it is an important aspect of using all digital pseudonyms, including the “public keys” that we will discuss below. The complement to this process is authentication, where someone proves to us, through their physical self or voice, that they are who they claim to be. If authenticating a person’s identity ourselves isn’t possible, then we have to rely on the word of someone we trust.

Of course, the easiest step in protecting our information, whether it’s footage, photographs, notes, or a source list, is a strong password practice. As we’ll see in more detail below, the simplest way to do this is to stop thinking “password” and start thinking “passphrase.” This makes for logins that are both easier to remember and harder to crack.
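As an added illustration, not part of the original guide, the following Python compares the search space an attacker must cover for a short random character password against a multi-word passphrase drawn from a word list, and generates a passphrase with the operating system's secure random source. The word list, the 7776-word list size (the standard diceware size), and the guess rate are constructed assumptions for the comparison.

```python
import math
import secrets

# Constructed toy word list for demonstration; a real diceware list has 7776 words.
WORDLIST = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "harbor",
            "iris", "juniper", "kettle", "lumen", "marble", "nectar", "orbit", "pebble"]
DICEWARE_SIZE = 7776  # 6^5 entries, one per roll of five dice (assumed list size)


def password_entropy_bits(length, alphabet_size):
    """Bits of entropy in a uniformly random character password."""
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(num_words, wordlist_size):
    """Bits of entropy in a passphrase of words chosen uniformly from a list.

    This only holds for randomly chosen words; a remembered lyric or quotation
    has far less entropy because an attacker can enumerate likely phrases."""
    return num_words * math.log2(wordlist_size)


def generate_passphrase(num_words, wordlist=WORDLIST):
    """Pick words with the OS CSPRNG (secrets), never random.choice, for credentials."""
    return " ".join(secrets.choice(wordlist) for _ in range(num_words))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to enumerate the whole search space at the given guess rate."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


def compare(password_len=8, alphabet=94, words=6,
            wordlist_size=DICEWARE_SIZE, rate=1e10):
    """Compare an 8-character printable-ASCII password with a 6-word passphrase.

    rate is an assumed offline guess rate of 1e10 guesses/second."""
    pw_bits = password_entropy_bits(password_len, alphabet)
    pp_bits = passphrase_entropy_bits(words, wordlist_size)
    return {
        "password_bits": round(pw_bits, 1),      # about 52.4 bits
        "passphrase_bits": round(pp_bits, 1),    # about 77.5 bits
        "password_years": years_to_exhaust(pw_bits, rate),
        "passphrase_years": years_to_exhaust(pp_bits, rate),
    }


if __name__ == "__main__":
    print(compare())
    print(generate_passphrase(6))
```

Six random words from a full-size list carry roughly 25 more bits than eight random printable characters, which at the assumed rate is the difference between days and hundreds of thousands of years; the size of the word list matters, so the 16-word toy list above gives only 4 bits per word.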