Journalists must be vigilant with security & communications
15 October 2014
There is a telling scene in Laura Poitras’s new documentary about Edward Snowden, CitizenFour. It shows Snowden in a hotel room in Hong Kong last year chatting about surveillance to myself and Glenn Greenwald, both of us looking bemused.
Neither Glenn nor myself is particularly computer literate. Glenn famously ignored Snowden’s initial approaches on the internet because he failed to set up a secure system.
In the Mira Hotel, Snowden repeatedly warned us about the need to protect our communications, from phones to laptops. The telling scene in CitizenFour came when Snowden asked Glenn for his laptop and teased him for failing to remove a card with secret documents.
The NSA whistleblower teased him further when he asked Glenn to type in his password and, after Glenn complied, noted that it sounded as if his password was just four characters long.
Glenn defensively replied that he types fast.
I am still not particularly computer literate but I am much more careful about internet security than before Hong Kong.
I use encrypted email, as do many of my Guardian colleagues: The Guardian set it up for us. And if it is for a really sensitive exchange, I use a method suggested by Snowden: a combination of Tor, which helps hide locations, and encrypted chat PGP.
Such security is not necessary for routine exchanges. But encrypting emails is the minimum journalists should be doing to protect sensitive sources. What we learned from the Snowden documents is the ease with which journalists can be targeted and the speed with which the intelligence agencies and police can locate sources. They can - and do - gain access to emails, phone records and any other electronic data used by journalists, and, through that, can track journalists and identify sources.
When I was on The Scotsman in the early 1990s, I wrote a story based on a leaked document from the Ministry of Defence about alarm over construction of a new facility at the navy base at Faslane on the Clyde, a lift that would raise nuclear submarines out of the water for refits. There was concern about its reliability.
On the day of publication, the MoD press office phoned to say I was in possession of stolen property, it was theirs, they wanted it back and set a deadline of the next day, midday. I ignored the threat, the MoD took no action against me and the source, as far as I know, has remained anonymous to this day.
Try that now. Within minutes, the MoD could go to a minister and say the source had to be identified as this was a serious breach of national security, a mole inside a nuclear submarine base. Within minutes of getting approval, the intelligence services or police would have access to all my phone records and emails. My IPhone would provide them with details of every location I had been to recently.
Is this paranoia? Journalists in Britain are relatively free to go about their work but lots of recent incidents have demonstrated just how fragile this is. The police gaining access to the phone records of a freelance journalist as well as ones from The Sun and the Mail on Sunday.
There are other causes for concern. There is the destruction of the Guardian computers under legal threat and supervised by GCHQ officials. The detention of David Miranda under the Terrorism Act. Greenwald and Poitras, both journalists, are reluctant to visit the UK, both wondering whether it is safe for them to do so.
Poitras was - and probably still is - on a US government watchlist. Prior to Snowden, she was stopped about 40 times travelling to her home in the US, frequently being interrogated and having her cameras and recording equipment taken away.
Also in the US, under the Obama administration, the records of more than 100 AP journalists were seized by the authorities looking for the source of a security leak.
And it is not just the intelligence services and police that require vigilance in the debate over the balance between national security and privacy. Snowden highlighted to the extent to which the telecom and internet companies hand over personal material to these agencies.
In both the US and the UK, there is a need for new legislation. Britain’s RIPA, which provides the legal basis for the interception of communications, was designed for an era before the technological revolution. Its language is too vague and too broad.
There is a need too for proper political and judicial oversight.
I applaud the NUJ for its campaign against snooping on journalists.
The final word should rest with Snowden. He was inside the CIA and the NSA. He became exercised about a whole host of surveillance issues. The US spying on its friends. The lying by the NSA to Congress. The scale of mass surveillance. But what issue did he choose to concentrate on in exile? Protecting journalists’ sources. He is working, with the help of foundation money, on a programme to help journalists establish better protected systems of communications.
He well knows the importance of journalists, whistleblowers and sources in a democracy.
Ewen MacAskill is The Guardian's defence and intelligence correspondent.
An international conference has been organised by the National Union of Journalists and the International Federation of Journalists on Thursday 16 October 2014 in London to discuss concerns about mass surveillance of the media and to explore practical steps for safeguarding journalists and their sources. Read more about the event and view the conference resources online.