Wednesday, 23 August 2017

On journalists and their privacy in the era of mass surveillance

This event was held as part of the Sydney Ideas program and featured (from left in the photo in the blogpost) Gabor Szathmari a founder of the organisation CryptoAustralia, Paul Farrell a journalist at BuzzFeed, Julie Posetti who is head of digital editorial capability at Fairfax, and Benedetta Brevini a senior lecturer in communication and media at the University of Sydney. Brevini did the honours as compere.

Farrell kicked off the evening last night, which was titled ‘Journalism, Resistance and Metadata’, by providing some background about his own career. He studied journalism at the University of Technology, Sydney, and has worked at the Guardian. He is also co-founder of the Detention Logs website and was the lead reporter on the Guardian’s Nauru Files. In 2014 Farrell said the Guardian was still soliciting stories via email, but added that the police had routinely investigated journalists’ stories to find their sources.

“It’s challenging to be confronted with evidence of mass surveillance,” Farrell said. “It’s a structural problem for people doing journalism.” Farrell found out by accident that the AFP had in fact even accessed his own phone records. But he did note that journalists had been successful in securing amendments to the federal government’s metadata laws.

Posetti comes to her job at Fairfax after a stint in Paris, where she worked on a large study funded by UNESCO during 2014-15 that involved input from journalists and editors in 121 countries. Privacy is a global crisis, she said, with legal frameworks being eroded everywhere. She said that there’s a need to strengthen laws protecting journalists and their sources. Acts of journalism should be shielded from surveillance, data retention, and handover of material connected to confidential sources.

She said that she understood that using an encryption tool could be a red flag for authorities, but that protecting sources is an ethical consideration. “It’s almost impossible to protect sources,” she said. But the killing of sources was a distinct possibility in many parts of the world. She noted that in some countries where the repercussions sources can face if their activities are discovered are very severe, journalists are reverting to analogue measures to avoid detection. “Really basic measures,” she said, such as meeting in obscure locations like parking garages. “You can revert to analogue methods but you have to be smart.” In some countries, she said by way of example, the authorities use facial recognition technology to identify sources. She also said that in order to protect their sources some journalists stretch the timeline between accessing the source and publication.

Szathmari said that he senses a power disparity between the offensive side (the authorities, who can conduct mass surveillance) on the one hand, and journalists on the other. “It makes sense to go back to the basics and leave the phone at home.” He suggested that journalists should use SecureDrop and GlobalLeaks for first contact. Posetti advised opening a Signal account in order to be able to use encrypted communications to talk with sources.

Farrell said that there is “an almost willful misunderstanding about these tools”. Older journalists, he opined, seem to relish a complete lack of understanding about them. Brevini added that there’s a lack of care, in some cases, for sources.

As to how to get laws protecting journalists and their sources strengthened, Posetti said that journalists now have a responsibility to report about these issues “in ways that allow citizens to appreciate what is happening”. Journalists are obliged to explain to the public the likely outcomes if we continue down the current path.

Szathmari illustrated some of the problems facing journalists and their sources by talking about the case of Reality Winner, a US intelligence contractor who was charged with leaking information about the US election to The Intercept, a US media website. The documents were printed at the NSA, handed over to The Intercept, and rescanned, then published on DocumentCloud. But the printer at the NSA left a trail, because all printers add a series of microdots to printed documents. The NSA was able, by examining the microdots, to identify the exact printer the documents were printed on, and the approximate date they were printed. This information led them to Winner.

Szathmari said that to combat this kind of sleuthing by authorities there is now a PDF redaction tool that converts documents to PDFs but which also removes the printer’s microdots. Journalists can use the tool in order to “clean” documents received from sources, so that the documents can be safely made accessible to the public. CryptoAustralia was started in 2015 and ran workshops with the Walkley Foundation in Sydney last year. Their next meeting is on 20 September.

No comments: