What is the NSA collecting about activists, reporters and you? The NSA gathers the phone numbers, locations, and length of virtually all phone calls in the United States. It collects records of nearly everything you do online, including your browsing history and the contents of your emails and instant messages. It can create detailed graphs of your network of personal connections. It can create phony wireless connections in order to access your computer directly. It can intercept the delivery of an electronic device and add an “implant” allowing the agency to access it remotely.
Companies, too, undertake surveillance. Investigative reporter Adam Federman found that the “American Petroleum Institute (API) paid private global intelligence firm Stratfor more than $13,000 a month for weekly bulletins profiling activist organizations and their campaigns … from energy and climate change to tax policy and human rights, according to … WikiLeaks in 2012.” Federman reported that when a community group of 10 people met to screen environmental films and attend local environmental forums, a private security firm identified them as likely planning an eco-terrorism attack. A bulletin with the group’s information – where and when they met, and upcoming protests – was sent to the Pennsylvania Department of Homeland Security alongside information about other groups such as Al-Qaeda affiliated groups and pro-life activists.
When reporters cross borders, they are at increased risk of surveillance. As the 2013 federal district court case of Abidor v. Napolitano showed, border agents in much of the U.S. can search, copy, and detain a U.S. citizen’s laptop computer, cell phone, or other electronic device even when the agents have no reason to suspect any wrongdoing. The court held that the government had reasonable suspicion to search and detain Abidor’s laptop because Abidor, a Ph.D. student in Islamic history, had pictures of Hamas and Hezbollah rallies on his computer, and because he possessed both U.S. and French passports. When the laptop was returned, evidence showed that agents had examined Abidor’s personal files, including photos and chats with his girlfriend.
How, then, do reporters protect themselves and sources in an era of surveillance? At the TMC/IIT Chicago-Kent workshop, Gavin MacFadyen, Director of the Centre for Investigative Journalism at University College London, warned, “The first minute is the most crucial when the whistleblower calls a reporter.” At the workshop, a group of technical experts discussed technological tools and practices that journalists can use to protect themselves and their sources. Eva Galperin of the Electronic Frontier Foundation discussed threat modeling, in which a journalist or organization assesses potential threats to determine the level of protection needed. Threat modeling involves building a comprehensive list of people or entities who might be after information in one’s possession (say, an opposing lawyer, the NSA, or a foreign government). It then considers the nature of the information to determine the tools, such as encryption, which are required to protect it.
Once the level of threat is determined, reporters can use specific tools for defending against online surveillance. They can protect themselves and their sources by maintaining strong and unique passwords, detecting and avoiding fraudulent “phishing” emails, encrypting their laptops and other electronic devices, and using two-factor log-in authentication where available. They can protect anonymity with Tor, a powerful tool that works by obscuring the source and destination of online communications. They can use tools such as GPG to encrypt their emails and other communications and render them illegible to third parties.
Journalists can also use tools such as ObscuraCam, developed by the Guardian Project (unaffiliated with the U.K.’s Guardian news organization) to remove potentially identifying data from digital photos, and to obscure the faces of people appearing in photos in situations in which being identified might put them in danger. And news organizations can implement SecureDrop, a secure submissions system for receiving documents from anonymous sources.
No single tool or practice can render a journalist “NSA-proof” or immune to corporate spying, but appropriate tools and strong security practices can significantly evade surveillance and increase the reporters’ ability to deliver a well-researched, convincing story without exposing sources to harmful retaliation.