Click on the image for the full series.  Original photo by Bruce Evans on Flickr.

Click on the image for the full series.
Photo by blackdenimgumb on Flickr.

As a journalist, our objective is to understand our beats, and to be able to clearly, quickly and accurately report on the goings-on in them. When the basic means of communication are understood, this job becomes much easier, and when they are not, the job can become next to impossible, and potentially dangerous. This is why digital security has rushed to the forefront of journalism. Journalists need to know how to securely transfer their sensitive information without it falling into the wrong hands, while also not endangering their sources, themselves, or their friends and family in the process.

When most people think of digital security, the first topic that comes to mind is Edward Snowden and the NSA. But coverage of the wiretap on German Chancellor Angela Merkel’s phone or the leaked NSA documents published in the Guardian do not address the problems most people face in this new digital security world. While these headlines stoke outrage, they bury the real issues that that journalists and activists will face going forward.

For example, while Snowden was off on a Carmen Sandiego-like galavant across the globe, a little known “secure” email provider named Lavabit was beginning the slow and painful process of shutting its doors, turning off the lights, and going out of business. Because Snowden used Lavabit’s secure email service to transfer files, data, and other secret information to reporters, the F.B.I. ordered Lavabit to hand over user information, including the volume of each and every data transfer and the “source and destination” of all communications. The F.B.I. made these requests legally because the structure of email – in its current form – mandates that email providers store user data on servers, usually third-party servers, and transfer information through a digital ether where it can be intercepted, making plain text email, therefore, completely insecure. Lavabit opted to go out of business instead of giving over user data.

keeping email secure

Email is the nature of our digital communication world right now, and it is just now beginning to address security. Prior to email, if you wanted to send secure information you could put it in a sealed envelope and mail it to the destination. Unless the package was intercepted along the way, there was no infrastructure that could allow a company or government body to learn about the contents of that package months after the fact; a subpoena to the postal service, for example, would be fruitless, even if there was such a feature as tracking added to your package.

Perhaps the prevalence of email makes people like to feel as though it is currently at its idyllic iteration, but frankly that could not be further from the truth. Lavabit and Washington, D.C.-based encryption technology firm Silent Circle have recently formed the Dark Mail Alliance to create a secure email, launching a Kickstarter campaign two months ago to generate funding. As of Nov. 5 they had raised just over $15,000. This endeavor is clearly only the beginning.

Additionally, secure SMS and web-based messaging platforms are in development and available to users, but they have their own hurdles to overcome ranging from building comprehensible user interfaces that everyday users can understand to more established issues like data tracking and telecommunications regulations.

However, being able to securely transmit data is only part of the battle. Mobile phone applications that can successfully track individuals in conflict zones and allow them to notify people when they are in physical danger are also on the horizon. For journalists, activists and citizen reporters who put their lives and their livelihoods at risk to deliver vital information, learning how to securely transfer data is part of the struggle. The ability to enter and exit a conflict zone, to continue to deliver the news that people need, is the overarching struggle.

At the end of the day, software only goes so far and it is up to individuals, communities, and organizations to take the necessary precautions to remain safe and secure both digitally and physically. In this new digital environment, it’s up to us to delve into the chaos, to make sense of this digital world, so that we can collectively enhance our security in the years ahead.

Barrett Holmes Pitner is the Director of Journalism, Communications and Strategy at CommunityRED, a Washington, DC-based non-profit that develops digital security tools for journalists, activists and citizen reporters working in conflict zones. He is a graduate of the Medill School of Journalism at Northwestern University and has covered issues ranging from human rights abuses, nation building and Beltway politics. Recently he served as the senior global editor at Cont3nt.com, a DC-based journalism startup, and prior to that he covered conflicts in Africa for the Institute for War & Peace Reporting and was a multimedia producer at National Journal.

OpenITP improves and increases the distribution of open source anti-surveillance and anti-censorship tools by providing the communities behind these tools with many kinds of support. Follow us at @OpenITP If you would like to contribute to this column or learn more, contact Sandra Ordonez at sandraordonez AT OpenITP DOT org.