Cyber Security for Journalists

By Henry Peirse - 25 Aug 2017

None

How to protect yourself from online surveillance

Are you being watched? This is not paranoia or a conspiracy theory. Online surveillance is a very real threat to journalists all over the world. Our computers all have webcams. We send messages on email, text and social media constantly. We use the internet for research and store documents on the cloud. Working online is so commonplace now we often do it without thinking. And in doing so we leave a trail of data behind us. It makes it easy to track our movements, see who we are talking to and access our files. Protecting sources can be an issue of life and death. All journalists would view protecting the contents of their notebook (physical or digital) and their sources as a cast-iron right. But working online makes this increasingly difficult. As can the law. The UK’s Investigatory Powers Act, introduced in 2016, allows the security services to track the population’s web browsing history and hack into computers and mobile phones. Mapping Media Freedom (https://mappingmediafreedom.org) reported in January 2016 that 80 people, including the families and lawyers of journalists, had been under surveillance in Poland. A laptop and mobile phone are part of every journalist’s toolkit now. What can you do to protect yourself and your contacts? Some solutions require you to be more tech savvy but there are also simple steps you can take to protect yourself and others.

Get a second computer and go off grid

Don’t leave your computer unattended. Journalists increasingly work remotely. Whether you are on public transport, at the airport or working in a cafe, do not leave your computer where others can access it. Don’t store files on your computer. Keep them on an external drive, such as a memory stick, which you keep with you or store in a safe place. Make sure you have a back up copy in case you lose it! If your computer falls into the wrong hands, your work and your contacts book will not be on it. If you are worried about people tapping into your computer via the internet, then don’t connect it. Get a second laptop which you never use to go online. It doesn’t have to be expensive, in fact basic is best. An offline computer can be used to store documents, using a USB stick or portable hard drive. Carrying a mobile phone with you is effectively like having a neon sign pointing at your location. The authorities and phone companies know where you are and can easily listen in on what you are saying or read your text messages. There are apps which can encrypt phone calls and text messages but you are still trackable. One option is to buy a prepaid phone anonymously to arrange a meet up and then dispose of it.

Use a VPN

What is a VPN? This stands for Virtual Private Network. It sounds technical but it’s easy to use. It’s a means of browsing online without your internet service provider being able to track which sites you are visiting. The data you send from your computer is encrypted and goes through the VPN’s servers. This has a number of advantages. Your internet service provider can only see that you are connected to the VPN, not what you are looking at or sending. Your data is encrypted so no-one can read it. Also your location shows up as the location of your VPN, not where you actually are. If you work on public WiFi a lot or are working on sensitive data, a VPN protects you from people hacking into your computer. There are lots of companies who provide this service for a small fee every month. Why doesn’t everyone use a VPN? Well apart from many not knowing what one is, there are some potential pitfalls. It slows down your internet connection. Also just as your internet service provider in the UK has a to keep a log of your activity, so would a VPN based in the UK. If you are choosing a VPN, get one which is not based in a country subject to such surveillance rules. You do have to trust the VPN provider to protect your privacy. It doesn’t make you invisible. That data trail is still there and the VPN has the keys to track it. If you want to make the data trail more complicated and throw people off the scent, you can use Tor.

What is Tor?

Tor (https://www.torproject.org) is a bit more technical but it’s a way of stopping snoopers figuring out where data is being sent from and to. It’s a series of volunteer run servers which hide where information is coming from. Imagine a network as a series of nodes. Usually your data would go from A to B. It’s simple and quick. With Tor, your data is routed, randomly, from A through to D, through to G, through to J, and then on to B. Why does this help? Your data is effectively sent with an envelope with an address on it, saying where it is going to. Each time Tor sends your data to a new server, it gives it a new address which simply says A to D, then D to G. It doesn’t say A to B at any point. Tor is like the layers of an onion, you have to peel them off to find the message. This gives you an additional layer of security. For more details on how to stay safe online and protect yourself from surveillance, read the CPJ Journalist Security Guide https://cpj.org/reports/2012/04/technology-security.php
Need help?
Call Johnson
Available 9am - 5pm GMT
+ 44 207 9765335