More DW Blogs DW.COM

onMedia

Quality Journalism in the Digital Age

10 essential tips to teach digital safety for journalists

PMobil

The NSA spying scandal is continuing to make headlines, and the recent news about the severe safety loopholes exposed by Heartbleed is frightening. And yet for many the threat remains worryingly rather abstract.

A recent survey in Germany found that the vast majority (75 percent) of Germans have not changed their behavior when it comes to personal data. Every second person still believes they have nothing to hide. Even if journalists have become more sensitized to digital safety, most still don’t know what PGP or OTR means. The topic is however of the utmost importance, not only to protect journalists themselves, but more importantly, their sources.

This is precisely the reason why the DW Akademie organized an open online workshop on digital safety last December. The topic is also now an integral part of Deutsche Welle’s own journalism training.

The biggest challenge by far is not about teaching and demonstrating tools, but rather to convince journalists to actually change their behavior and the way they communicate.

Journalism training has to be carefully reconsidered, says DW Akademie’s Steffen Leidel. Here are Steffen’s digital safety training tips for journalists presented during his talk at the International Journalism Festival in Perugia.

1. Don´t Panic

 

threema

Whoever deals with the topic of digital security should try to think strategically and not panic. When Facebook bought Whatsapp, everyone suddenly spoke about the vulnerabilities of the popular instant messaging app. One of the most frequently mentioned alternatives was Threema. Within no time sales of this Swiss app skyrocketed. This lead to absurd situations, where you could spot the Whatsapp logo right next to the one of Threema on the smartphones of colleagues. Its somewhat naïve and counterproductive to think that a miracle app exists.

2. We have to pass the Greenwald Test

It’s a widely cited anecdote that Glenn Greenwald initially had no idea how to use encrypted communication, and Edward Snowden had to first show him how it works, before he could entrust him secret documents.

Greenwald is no exception, few journalists are real technology geeks. Things have to be simple, but unfortunately most safety tools are complicated to use for beginners. This is one of the reasons Snowden called on the security industry at this year’s SXSW to develop simple tools. Privacy measures “have to pass the Greenwald test,” he said.

Journalism training should therefore always make sure participants are not bombarded with too many tools and options. Less is more.

3. Digital Security is no rocket science

The entry barrier for journalists to become proficient in digital safety is often too high. Unfortunately, the type of training offered, or the lack or training, is to blame.

Digital safety training is not available in many media organizations, or the workshops on offer are rather sparse. We need more trainers to take on the subject. And what’s important is that they are able to take the perspective of a journalist and avoid designing the workshop from a purely technical perspective.

Frank Smyth, Executive Director of Global Journalist Security, says part of the problem lies with the network community itself that deals with this topic: “The irony is the Internet freedom community preaches an evangelical message, but instead it remains for the most part a small club with unwritten barriers of entry and become palpable to anyone who lacks the technological acumen to be fluent in the community’s slang.”

The training methodology also needs to improve. Having a playful approach when training this topic can be very helpful. This webpage by Tactical Technology Collective for instance is particularly noteworthy and shows in an interactive way how we leave our traces online. Other examples include the animated instructional videos of the Journalist Survival Guide or the Security Quiz How vulnerable are you.

4. Teach Data Awareness – Don’t overlook the obvious

The debate about digital safety has been greatly narrowed in the public perception of the NSA spying scandal. But journalists should also be aware of the personal data they disclose on a daily basis. In non-Google Stores alone, every third Android app is malicious, according to a recent study.

Obviously not everyone realizes how revealing metadata can be. Jonathan Mayer and his research team from Stanford University showed just how sensitive telephone metadata can be. “We found phone metadata is unambiguously sensitive, even in a small population and over a short time window. We were able to infer medical conditions, firearm ownership, and more, using only phone metadata.”

This video by the American Civil Liberties Union (ACLU) is a great example illustrating the dangers and shows what you can do with geo-data.

It’s also quite impressive to have Google track you for a while and then show your seminar participants your Google Location History.

google location

 

 

 

 

 

5. It‘s not about tools – it’s about understanding concepts

Yes there are an incredible amount of open source tools for digital safety, but journalists should at least have heard of the ones most widely used. Digital safety workshops should however not give the impression that it’s simply enough to have the right tool to communicate securely. First, one has to look at the context in which a journalist is operating before deciding how to help. Using security tools suddenly and sporadically may even be counterproductive. Someone who normally writes regular emails and suddenly encrypts emails communicating with a particular person, might draw unwanted attention. What journalists need to understand is that their communication is unsafe. They should understand how the internet works, what an IP address reveals about their internet usage and what end-to-end encryption means. It is all about understanding the fundamental concepts, the tools themselves change.

6. We need more data protection journalism

Lets face it, the hype over data journalism hype is big. In the age of big data, data journalism is experiencing a boom. But how do you evaluate massive data sets and how do you visualize this data?

I believe journalists should not only learn how to communicate safely, they should also report much more on what happens to personal data. Data journalism also means data protection journalism. This interactive web special by ZEIT Online about mobile data storage is an impressive example.
spitze

It shows the motion profile of Malte Spitz of the German Green Party, based on the evaluation of his mobile telephone metadata. The handling of data is one of the most important issues of the 21st century that journalists should be aware of.

7. Understand the threat

Many journalists still believe they have nothing to hide. The threat is still too abstract. Evgeny Morozov once put it in a nutshell: “… through the surveillance programs of the NSA [there appears] to be no damage for each individual. It’s a crime without victims.”

It’s thus all the more important that participants in digital safety training understand the threats they might be facing. There are more than enough examples. Be it the SMS that participants of a demonstration received in Kiev, or cases such as Ala’a Shehabi, who like many other activists from Bahrain, was a victim of the regime’s spyware.

The contacts and sources of journalists are often targeted by intelligence agencies because reporters are not taking enough precautions. Above all, journalists must be taught how to identify and assess their own risk potential and who they can potentially threaten. Jonathan Stray has developed a useful threat modeling formula: Security = Model + Tools + Habits.

8. Stay realistic

Theoretically, you can do countless things to protect yourself digitally, but many are simply not realistic. Only a few people, such as Barack Obama, have access to special secure tents for making phone calls.

You can’t be expected to wrap your mobile in special foil and always leave it in the refrigerator, or only use encrypted communications and completely give up using Google and Facebook.

Moreover, it’s important to note that there’s not a silver bullet for protection in this digital age. Only through awareness and training will you know what to implement during a normal day and make protection sustainable.

9. Integrate Security Experts in the newsroom

More and more media companies are integrating programmers into their newsrooms. The physical proximity between coders and editors is becoming essential in the design of data journalism projects. Especially when it comes to security issues, colleagues should not be far away, but unfortunately this is quite common.

Typically the IT department is located at the other end of a building, and the security experts don’t always have the needs of journalists in mind.

It’s therefore recommended to have experts who can provide information on security quickly and respond to questions from the newsroom. For example: are my digital safety measures really working?

10. Know where to learn

tutorials

Digital safety is an issue where you must continually keep yourself well informed. It’s a dynamic and ever changing field.

Organizations such as the Tactical Technology Collective, CPJ, EFF and the Rory Peck Trust have done an excellent job offering well designed tutorials and resources.

Check out our post on the best online digital safety resources.

And finally here is a Twitter list of experts in digital saftey that are well worth following.

Date

Thursday 2014-05-01

Share