Friday 24 November 2017

Protecting whistleblowers and journalists' sources in the digital age

As well as Paul Farrell from BuzzFeed we had on the panel host Julie Posetti, Peter Tonoli from Electronic Frontiers Australia, and Elise Worthington a journalist at the ABC who works on investigative pieces. The hashtag for the evening was #protectsources.

The Panama Papers release was enabled using encryption, and was unprecedented in history in its scope. But in India they are creating the biggest biometric database in history using iris scans. India’s equivalent of the high court says that privacy should be enshrined in law. In Australia, the government is introducing biometric passports that will mean that you won’t need a paper passport anymore and the authorities will use iris scans at airports. In 2013, after Edward Snowden’s leak the UN started to get worried about the undermining of fundamental human rights, and contracted Posetti’s work unit to study the environment for whistleblowers and journalists’ sources. The UNESCO study took place over a 10-year period covering 121 countries, and involved 134 survey respondents, and made 33 recommendations.

A creeping effect was noticeable, not just dramatic changes. There is a struggle between the right to feel safe and that of free expression. Journalists are now going back to analogue tactics to protect sources. Often discovery occurs at the point of first contact.

Farrell said that we’re lucky in Australia because the potential cost for whistleblowers was not as severe as it was in some parts of the world, but he said we’re still in a precarious position. He said it was increasingly easy for government agencies to go after journalists’ sources. Worthington said that journalism relies on protecting confidential sources. It is the responsibility of journalists to educate the public and sources on the best ways to contact you. Tonoli said that you are only paranoid if they’re not out to get you. Non-anonymity, he went on, is a problem in social media because of Facebook’s true-name policy and Twitter's verification mark. He added that there is a red flag for journalists who use the secure browser Tor.

Worthington said that she had dozens of people contact them for a 4 Corners story and she had gone to the trouble of setting up a separate device without a SIM card that stays in one location: a dumb phone. She had 30 people contact her on Signal and of them 80 percent had never used Signal before. There is an appetite for these methods of communication in the community, she said. Farrell said that using Signal reduces some of the barriers for first contact, and that mobile encryption is easier to achieve therefore better. Tonoli said that Signal is not just used by whistleblowers but also by normal people in the broader community.

The panel then discussed the issue of the different levels of security that belong to sources. Knowing at what level people who want to contact you are working is important. Worthington said you don’t know what level you’re working at and so it is easy to leave a trail. You need a way to find out easily who people are. Tonoli said that Signal is pretty secure but that the organisation that owns it has in the past been subpoenaed by the government.

Posetti went on to say, pointing to the journalism that Farrell had produced, that the Australian government had started to treat offshore refugees with the same sensitivity as subjects that have traditionally been considered to be part of national security. Farrell noted that he had covered a story once about the Australian authorities turning back boats and had found subsequently out that the AFP had launched an investigation into his research. Then, he started writing about this. He discovered that the AFP had illegally accessed his phone records. Worthington said that there is good reason to be paranoid. She added that during the Panama Papers investigation she had found that the encryption that they had to use was quite cumbersome but it was critical otherwise they would never have got access to the information. She worked on the project full time for a month then part time for six months.

Tonoli said you should use method with a small digital footprint. Send a letter, for example, if you are a whistleblower. For journalists, he said you should put your Signal information on your Twitter bio. Farrell noted that law enforcement agencies have finite resources, and are not interested in a lot of these communications, but he added that using Signal is a good starting point. Tonoli said you need all journalists to use encrypted methods to get herd immunity. Worthington noted that the encrypted data deposit method called SecureDrop is very expensive to implement. Farrell said that as a journalist you should make yourself as accessible as possible for the community. He pointed to the Tails operating system that you can boot from USBs and DVDs. Tonoli noted that the Tails operating system has tools that let you anonymise images.

There were some no-shows for the evening hosted by the University of Wollongong at their Sydney Business School at Macquarie Place, next to Circular Quay. Peter Greste was sick and unable to attend, the ABC’s Caro Meldrum-Hanna was on assignment and couldn’t make it, and Gerard Ryle from the ICIJ couldn’t make it because he was just off the plane.


From left: Peter Tonoli, Elise Worthington, Paul Farrell, Julie Posetti.

No comments: