It’s easy to forget at times, amidst the numerous breeches of trust undertaken by journalists in recent years, that they actually play a crucial role in maintaining a degree of transparency in society.
A major part of this role is undertaken through providing whistle blowers with the secure platform to disclose wrong doing. Central to this is the assumption of anonymity to the whistle blower, but a recent study casts doubts on the ability of the media to provide this.
The security habits of journalists
The study explored the digital security habits of a number of journalists and found a plethora of potential weaknesses that put the security of their sources at severe risk.
For instance, it appeared common for journalists to either disable or fail to use security features because they hampered their attempts to gather information. They also often fail to consider potential security issues with cloud services.
“The way people try to bridge gaps can introduce security issues,” the authors say.
“If you use your iPhone to translate speech to text, for example, it sends that information to Apple. So if you record a sensitive conversation, you have to trust that Apple isn’t colluding with an adversary or that Apple’s security is good enough that your information is never going to be compromised.”
New technological challenges
Central to this is the wealth of new tools that journalists can use to go about their work. Keeping up to date with the various security challenges posed by the new technologies is often something that journalists struggle with.
“Addressing many of the security issues journalists face will require new technical solutions, while many existing secure tools are incompatible with the journalistic process in one way or another,” the authors say.
Far from too pessimistic however, the authors contend that it is actually an opportunity for new tools to be developed that snugly fit the workflow of journalists in a secure way.
The wrong tools for the job
This was manifest in the finding that existing security tools often hindered attempts to obtain information by providing roadblocks to communication, which were often determined by the sources themselves.
For instance, one open source service that was designed to allow whistleblowers to send documents safely and securely to journalists was not really adopted because of the challenges it created in authenticating the source’s identity.
Likewise, encryption tools can often leave behind metadata that is sufficient to connect a reporter with a source should the matter be investigated.
It underlines the opportunities that exist for the digital security industry to better serve journalists in areas such as content management.
“Tools fail when the technical community has built the wrong thing,” the authors conclude. “We’ve been missing a deeper understanding of how journalists work and what kinds of security tools will and won’t work for them.”
Whistleblowers as a whole need greater protection imo, or indeed anyone that gives 'negative' feedback on things. Most get punished rather than rewarded.