Modern communications and the rise of the surveillance state make it harder than ever for journalists abroad to protect their sources. The consequences for sources can be dire, even fatal.
Journalists going abroad need to start by asking if encryption is legal where they will be. Does the government forbid certain kinds of apps? Do you need to show your ID to get a SIM card for your cell phone? “Find out the answers to these questions before you go,” advises Susan E. McGregor, assistant director of Columbia’s Tow Center for Digital Journalism. She adds that reporters also need to know if the telecommunications companies are state-owned. “If they are, you will need to be careful never to send specifics about people or locations via text message or e-mail especially.”
Technology can also help journalists defend those who would talk to them. In countries that don’t ban encryption, journalists can use encrypted e-mail tools, like Pretty Good Privacy, encrypted hard disks (FileVault2 for the Mac, PGP or TrueCrypt, BitLocker or DiskCryptor for PC), encrypted phones, encrypted chat (SilentCircle, Wickr, to name just two), and encrypted voice (Signal).
If encryption isn’t allowed, don’t take your regular laptop with you. The Associated Press (AP) sends reporters on overseas assignments with freshly scrubbed systems that don’t have data on them. These computers are scrubbed again when the reporter returns. The PCs are encrypted whenever legally allowed, though reporters must be careful, says Ted Bridis, editor of the AP’s Washington investigative team. “When you use the tools of a spy, you start being suspected of being a spy.”
Reporters should also use software like Tails and Tor to anonymously surf websites. The tools are complicated and clumsy, but they are important.
Bridis says there’s a limbo zone on international flights where the plane is outside any terrestrial jurisdiction. “It’s just a matter of time,” he says, before AP reporters find themselves confronted in-flight, or at border crossings, by U.S. or another government’s border police, demanding to copy electronic devices and asking for encryption keys.
In many countries, journalists work out of government offices, where the government controls communications. To make a phone call that isn’t bugged requires leaving the office.
Code words need to be developed for writing about sensitive subjects. And journalists should avoid putting data into the hands of cloud providers like Amazon or Google, because it’s easy to subpoena the information. Journalists working abroad should avoid hotel WiFi, Internet cafes, and corporate networks, especially when transmitting data. Even journalists who use encryption can have their keystrokes captured by a key logger.
Digital eavesdropping is just one problem reporters face; old-fashioned surveillance still happens, too. Things shift based on circumstances. Judith Matloff, a veteran of two decades of foreign reporting, wrote, “In some situations, you should go low-tech, like meeting on park benches. In other circumstances, use sophisticated encryption software and proxy servers but don’t use encryption in a country that bans it.”
Matloff also teaches conflict reporting at Columbia University’s journalism school, and like every journalist contacted for this story, refused to share every method she uses to protect sources.
She says journalists should avoid social media and SMS messaging, because it can reveal their whereabouts. She recommends “dummy” notebooks that have no compromising information in them. Computer cameras can be turned on without your knowing, and she recommends covering them, and putting a cover above your hands when typing. Paper is fine for taking notes, but remember to burn, not shred, the notes.