With journalist Silkie Carlo I have co-authored a ‘handbook’ on practical information security for journalists commissioned by the UK Centre for Investigative Journalism. The CIJ handbook ‘Information Security for Journalists‘ was launched at the CIJ Summer School 2014 in London. The book will be forever freely available in a range of electronic formats – see download links below. In the four months after the initial publication in we have rewritten certain parts based on feedback from the initial readers and updated other parts to stay current with the latest software changes. Many thanks to all who gave us valuable feedback.
Altough this book was originally written for investigative journalists most of the described concepts and technical solutions are just as usable by lawyers or advisors protecting communications with their clients, doctors protecting medical privacy and of course politicians, activists or anyone else who engages powerful state and corporate organisations. Really, we’re all journalists now. Inside the book is a mailadres for getting in touch, please let us know how your are using it and what we can do better.
If you have reasons to suspect your online movements are already under some form of surveilance you should not download this book using a computer or netwpork associated with your identity (such as your home or work systems).
Several participants of journalist training programs have written articles: Information security for journalists: staying secure online by Alastair Reid (from journalism.co.uk) – A day with the surveillance expert by Jason Murdock, Offtherecord.in – Valentina Novak wrote this interview after a lecture & workshop in Slovenia last November.
From the ‘backflap’ of the book:
This handbook is a very important practical tool for journalists and it is of particular importance to investigative reporters. For the first time journalists are now aware that virtually every electronic communication we make or receive is being recorded, stored and subject to analysis and action. As this surveillance is being conducted in secret, without scrutiny, transparency or any realistic form of accountability, our sources, our stories and our professional work itself is under threat.
Journalists were dismayed by the realisation that almost all digital communications are now being recorded; for them and their sources there are real risks and now danger in their work. This danger does not just worry reporters, whistleblowers and other sources, but all those who hear privileged information and whose privacy is considered fundamental to the courts, the practice of law, and justice in all of its meanings. Lawyers and accountants and their clients are now without the protection of client confidentiality, and are vulnerable to the secret surveillance of an increasingly authoritarian and unaccountable state.
After knowing how Snowden’s disclosures were safely presented to the public, we know that there are real safeguards and counter measures available. The CIJ’s latest handbook, Information Security for Journalists, lays out the most effective means of keeping your work private and safe from spying. It explains how to write safely, how to think about security and how to safely receive, store and send information that a government or powerful corporation may be keen for you not to know, to have or to share. To ensure your privacy and the safety of your sources, Information Security for Journalists will help you to make your communications indecipherable, untraceable and anonymous.
When planning work that must remain private and confidential it is important to carefully assess the level of threat that may be associated with it. Shop floor maintenance, building site health and safety, restaurant hygiene, and hospital cleaning may be areas where the precautions and methods described here are unnecessary or might act to complicate and slow down your work. In these cases a phone call made or received away from work or home to a source or a reporter, may ensure sufficient protection at least in making an initial contact.
People working or reporting on national security, the military, intelligence, nuclear affairs, or at high levels of the state and in major corporations should probably consider this handbook as very important to their safety.
Although this handbook is largely about how to use your computer, you don’t need to have a computer science degree to use it. Its authors, and other experts advising on the project have worked to ensure its practical accuracy and usability. The authors expect that after six months, updates and some changes will be required. Please return to download the latest edition. You will not want to download this on a machine or network identified with or close to your employer or your source or your home.
Gavin MacFadyen, Director of the Centre for Investigative Journalism
Download links for the book in PDF for printing on A4 format, ePub ebook for iPhone, iPad & Android devices, MOBI & AWZ3 for Kindle eReaders, LIT for older eReaders and FB2 for Samsung Bada and other Java eReaders. For easy management of ebook collections I strongly recomend the free and Free Software Calibre application. The 1-page instruction leaflet for starting Tails USB-drives here. The entire book is also available as a set of webpages for reading on your laptop as your set it up. Slides from the Summer School 2014 lectures on information security are here in PDF and PPT.
This handbook is being translated into Arabic, Chinese, French, German, Portugese, Spanish, and other languages.
With journalist Silkie Carlo I have co-authored a ‘handbook’ on practical information security for journalists commissioned by the UK Centre for Investigative Journalism. The CIJ handbook ‘Information Security for Journalists‘ was launched at the CIJ Summer School 2014 last weekend in London. The book will be freely available in electronic format and in print after the summer. Just like last year I gave lectures (slides) and ran a hands-on workshop to get journalists ‘tooled-up‘ so they can better protect their sources, themselves and their stories in a post-Snowden world.
From the ‘backflap’ of the book:
This handbook is a very important practical tool for journalists. And it is of particular importance to investigative reporters. For the first time journalists are now aware that virtually every electronic communication we make or receive is being recorded, stored and subject to analysis and action. As this surveillance is being conducted in secret, without scrutiny, transparency or any realistic form of accountability, our sources, our stories and our professional work itself is under threat.
After Snowden’s disclosures we know that there are real safeguards and real counter measures available. The CIJ’s latest handbook, Information Security for Journalists, lays out the most effective means of keeping your work private and safe from spying. It explains how to write safely, how to think about security and how to safely receive, store and send information that a government or powerful corporation may be keen for you not to know, to have or to share. To ensure your privacy and the safety of your sources, Information Security for Journalists will help you to make your communications indecipherable, untraceable and anonymous.
Although this handbook is largely about how to use your computer, you don’t need to have a computer science degree to use it. Its authors, and the experts advising the project are ensuring its practical accuracy and usability, and work with the latest technology.
Gavin MacFadyen, br>
Director of the Centre for Investigative Journalism
This handbook is being translated into Arabic, Chinese, French, German, Portugese, Spanish, and other languages
I will be speaking and workshopping at the 2014 Dataharvest+ conference in Brussels. This conference brings together investigative journalists, (big)data wranglers, coders & hackers to kick journalism into the 21st century.
My contribution will be a series of presentations about applied information security for investigative journalists and hands-on workshops to get security tools working on laptops. So bring yours! Slides I used are here: PPT, PDF. Some tips and links to tools. A video from a comparable worshop last year, since then the situation has turned out to be much more dire.
(this post text started as an email to a Dutch employee of the national broadcast service NOS – somewhat equivalent to the British BBC) – also on Sargasso.nl. See Dutch version of this blog for links to the complete follow-up (in Dutch). Overview of this on Sander Venema’s blog in English.
Yesterday you felt it tweet-worthy that Russia Today TV had cut off a guest who used the platform he was given not to discuss the Bradley Manning trail but instead staged a protest against the horrible LGBT-rights situation in Russia. This incident was to you ‘proof’ that RT could not be trusted as a good information source in other things. As a reference you picked the Dutch newspaper ‘De Telegraaf’. This, in my view, was a rather unfortunate choice since this newspaper has itself a long and sordid history of collaborating with the German occupation, misinforming of misrepresenting world events and generally being a publication that only cares about human rights when it suits their political agenda. All in the tradition of FOX-news and the Daily mail.
At OHM2013 I talked about implications of accelerating tech, some ways to understand the various crisis we’re in right now and some questions we can ask about the strange things our governments seem to be up to these days.
I was critical of most western ‘mainstream’ media because they see quite incapable of asking basic questions such as: “why are we putting Bradley Manning on trial and not the helicopter-gunner who shot up over a dozen civilians including children?” Shooting at children with an anti-tank gun and then lying about it to the world is probably a war-crime, certainly something worth digging into in the context of a war that itself has been started based on lies.
After more than 10 years the organisation you work for seems quite incapable to even come up with the proper questions relating to the greatest western war-crimes since 1945 (let alone have the guts to ask them). This despite the fact that you are paid for, by the public, to inform that public about the world. This so we can make better-informed choices when we go to vote or protest the people we voted for last time.
It is the kind of simple question that RT.com *does* ask (or allows their guests to ask) on-air. And for this reason I find them a good source of information/insight with respect to Western policies and activities. And when discussing getting good information on these policies I was asked what I considered a good source and so I said: RT.
I do not *prefer* using a Russian-state-funded TV channel to get my info about what the West gets up to in Asia or North Africa but the utter failure of organisations like the NOS (and BBC, etc, etc) leaves me with a distinct lack of options. Instead of critising RT for not being the news organisation you would like them to be you really should look for solutions closer to home.
So for somebody like yourself, employed by an organisation that is supposed to ask tough questions but does not (for whatever reason) to use that single incident using that particular source to ‘prove’ a point is, to be quite frank, laughable and sad. Understanding that Twitter is not good for nuance my reaction to your tweet was therefore in kind.
Before and during OHM2013 I did several radio interviews, including with some of your colleagues. Every time I was asked if the hacker-community was a bunch of (cyber)criminals. This despite the fact that in 24 years of Dutch hacker events not a single crime has been reported. I considered to reply with the return question if all journalists where corporatist-warmongering-whores. Obviously this would be somewhat hype as well but at least it would be hype with *some* basis in fact.
During the interviews your fellow journalists seemed to be most baffled by the fact that Julian Assange was happy to spend a full hour talking to our community while they were getting no responses at all to their repeated interview requests. I hope the above shines some light on this situation.
You state your job is listening. I would suggest it is also asking questions and providing context. Taking half a answer out of a 45 min lecture seems to be neither to me.
So about the listening (and asking questions); What is your view on the lack of questions being asked about proven NATO war-crimes and the current war on whistle-blowers & journalists? Would you ask the question:
“Why is Manning in prison, after being tortured (according to the UN), for informing us about war-crimes while the perpetrators of said war-crimes are free to fly/command more Apache helicopters?”
And if not, why not?
Given that my taxes pay your salary and our taxes pay for the bullets in those helicopters I suggest pursuing these kinds of questions (on live TV if possible) might be a better use of your time than tweeting about the possible lack of journalistic integrity of a foreign TV channel. And then some of us might even start referring to you as a ‘journalist’ (a title that one needs to earn, just as ‘hacker’), instead of NOS-employee.
I look forward to hearing your views on these matters. Feel free to forward this mail (without edits of course, you would not want to look like a Russian censorist).