In cooperation with our longstanding partner, Crowdrise, The Huffington Post is celebrating its 10 year anniversary by focusing on the promise of the next 10 years ahead. We're highlighting causes that are near and dear to our ethos -- causes where we believe meaningful strides can be made in the coming decade -- and empowering readers to act and take part. Join us!
By Jorge Luis Sierra
Jorge Luis Sierra is a Knight International Journalism Fellow and an expert on cybersecurity. He focuses on the intersection of digital security, technology and investigative journalism. During his Knight Fellowship, Sierra is developing digital crowd-sourced mapping tools to track crime, corruption and attacks on journalists. He is also creating applications linked to those maps to help journalists assess their physical and digital risks. Previously, Sierra directed ICFJ's Knight Fellowships program. An award-winning Mexican investigative reporter and editor, he covered a range of conflict-related topics such as drug trafficking, organized crime, counterinsurgency and gangs before he joined ICFJ.
“Encrypt everything, including the guacamole recipes.”
This advice was tweeted by Eva Galperin of the Electronic Frontier Foundation, a San Francisco-based organization committed to the defense of privacy and Internet freedom. She meant everybody should use this tool to protect all of their online communications. She is very right: encryption, a process to code information in such a way that only authorized people can read it, should be a matter of everyday practice for any journalist.
All journalists, whether they work in conflict zones, investigate corruption or cover local politics, need to learn how to encrypt their digital voice and text communications. Media adversaries, whether governments, criminal organizations, corrupt officials or companies, can now easily hack journalists' communications, learn sources' identities, obstruct sensitive investigations and even destroy or alter electronic documents.
Aside from particular threats they face, journalists should adopt encryption to fight surveillance and make it harder for their adversaries: if all journalists use encryption, it will be much more expensive for adversaries to spy on all of them than to spy on the few who are currently using these technologies.
Fortunately, technology is on the side of journalists and bloggers. Encryption has become an important part of both open source and proprietary communications technology. After Edward Snowden leaked thousands of NSA communications, using technology companies as back doors to the federal agency, Facebook, Google and Microsoft put a stronger focus on security and offer new services like https per default, two-step verification and end-to-end encryption.
Classic tools on the market
There are important steps journalists should take to ensure a safer environment and improve communications security:
If your work is under threat from repressive regimes or non-state actors such as private intelligence corporations or criminal organizations, make sure you use all security features of Facebook, Skype or Google Hangout, and do not exchange sensitive information through them. Remember that Facebook, Skype and Google Hangout messages are permanently stored in their servers, and repressive government can access them through judicial orders.
Use only strong passwords. Remember that your username and password are the public and private keys that those companies use to encrypt and decrypt peer-to-peer communication. It is also convenient to enroll in a two-step authentication system so you reduce the chances of intrusion in your accounts.
If you use Facebook or Google Hangout, use encrypting tools such as Adium (OS), Pidgin (Windows) to add a second layer of encryption to your communication. Unfortunately, those tools don't support Skype chat yet.
New tools on the market:
You can use other encrypting applications to secure your data. Jitsi Meet and Peerio are great free open source tools to encrypt your communication. Remember that those tools don't protect you against key-loggers or untrusted contacts:
Jitsi Meet. This is a free and open source tool with encryption by default to conduct video and audio conferences, text messages and exchange documents. As it requires no account to use it, you don't have to share your encryption keys with any company. It supports the Off the Record protocol, meaning that you can integrate Adium or Pidgin functionalities. It offers the same features as Google Hangout or Skype without lack of privacy issues. The tool allows you to set up a password to lock your chat room.
Peerio. This new tool provides end-to-end encrypted text communication. Users get a miniLock ID and a cryptographically generated avatar, so they can verify contacts' identity at a glance. Data is not only encrypted when it travels from one server to another. Shared files remain encrypted until authorized users open them.
Cryptocat. Although this free open source tool has been on the market for some time, it was still unknown to most journalists I have trained over the last two years. You can use it on your browser or your mobile phone. Everything is encrypted before the data leaves the device. You can organize chat groups and send encrypted files and photos. You can encrypt your Facebook messenger communications.
I hope these tips are useful for you. If you want a good guacamole recipe, please click here.