Freedom of the Press Foundation Steps Up Encryption Efforts for Journalists
By Denise Lu via PBS
With the NSA constantly popping up in headlines this year, it’s important to look into how to protect journalists who need to communicate with confidential sources. The Freedom of the Press Foundation aims to support and defend transparency journalism in an era when it is especially scrutinized.
The foundation recently announced a crowdfunded campaign to improve the development of open-source encryption tools to aid journalists in their communication with sources. The tools include:
- The Tor Project, the organization conducting extensive research and building technology solutions, including the Tor Browser Bundle, used by journalists to anonymize their web browsing habits and physical location. The Tor Project is passionate about bringing technology, training and greater awareness in digital security for journalists around the world.
- Tails, a ground-breaking operating system that can be started on almost any computer from a DVD or USB stick and never touches your hard drive. Tails attempts to solve many surveillance problems by “doing the right thing” out of the box by default — from browsing the web anonymously, to using state-of-the-art cryptographic tools to encrypt files, email and instant message.
- RedPhone and TextSecure, the encrypted phone and texting apps created by renowned security expert Moxie Marlinspike and his project Open WhisperSystems. Both RedPhone and TextSecure are designed to implement end-to-end encryption, while simultaneously making those advancements as invisible and effortless as possible for the user.
- LEAP Encryption Access Project, a new non-profit founded by long-time experts in the field of communications security, focuses on adapting encryption technology to make it easy to use and widely available. They have created an open-source email system that automatically handles key management, decryption, and encryption, along with server software that allows any provider to offer email service that is compatible with the application.
I talked with Josh Stearns, a founding board member at FPF (and MediaShift contributor), about the campaign to find out more about the importance of these tools in the modern newsroom. The following is an edited transcript of that conversation.
Q: Why are these tools completely necessary now for journalists?
Josh Stearns: Right now, there are battles raging in Washington, D.C., and around the country about how to protect journalist sources. Traditionally, that’s the shield law. Almost every state now has a shield law. It protects journalists from revealing their sources in court. However, increasingly, law enforcement doesn’t need to have journalists testify in court because they could get a secret subpoena to look at their phone records and metadata. So what we need from journalists now to protect sources are new tools that can head off that kind of surveillance as well as reforming the laws that allow that kind of surveillance to happen.
Why is it important that these projects are open-source?
Stearns: Open-source allows anybody to take a hard look at the code behind these tools and find weaknesses. If a tool is proprietary or closed, then people can’t get in and make sure there aren’t backdoors built in either by the company or by the NSA. So open-source is a really critical piece of why we’re really supportive of these tools at the foundation. They ensure that things can be accessible, proven and built-upon. Journalistically, I think open-source is an important ethic for journalists who are working in public interest and want the tools they use to also be oriented around the public interest.
How are these tools specifically different than other encryption tools out there?
Stearns: There are a lot of encryption tools out there. However, I think historically journalists haven’t been that engaged in these discussions or that involved in developing these tools, and so the tools aren’t particularly suited or customized for the newsroom or for journalists.
So what we’re trying to do is create a suite of encryption tools or support those encryption tools that already exist that we can really tailor and make the most useful as possible for newsrooms and journalists. These four tools that we’re going to be supporting are all being created by proven security experts who we really trust and we believe are creating tools that are going to be most useful for journalists and newsrooms. We’re working with them to create customized and tailored information, blog posts, guides and training to help journalists understand how they use these tools.
If the campaign is fully funded, do you currently have a rough timeline of when the projects will be available for use?
Stearns: Some of the projects are already in use. We have an encryption guide on the Freedom of the Press Foundation website that gives you a great overview of how to begin using some of these tools. But all of them could be stronger and more user-friendly. So much of open-source technology is being done by people who are really passionate but whose projects are mostly under-funded and people who are doing this in their spare time. We believe that if we want to have broad-based adoption for these tools, we need to strengthen them and make them as user-friendly as possible so that journalists aren’t intimidated by beginning to adopt these tools.
How are you planning on marketing these tools so journalists will know about them?
Stearns: Luckily, the nature of the campaign itself allows us to push out a lot of information about these tools and get them in front of people. Our executive director and our chief technology officer have been out at ONA and at conferences and doing webinars to try and encourage the adoption of these and other critical tools. We will be pairing this with educational efforts and training.
Why did you guys decide to go the crowdfunding route to fund these projects?
Stearns: That’s the idea that our foundation is built upon. When we launched a year ago, we believed that we needed to rethink how donating to press freedom and non-profit journalism was done. We’re encountering really critical reporting all throughout our daily life — whether it be through Facebook or Twitter or finding great links — and it’s too hard for people to go back and click through and find the donate page and donate. You’re never going to support a full range of journalism that you consume that way because it’s coming in such an atomized way.
So what we wanted to do was to create one-stop shopping for donating to hard-hitting, accountable journalism and press freedom efforts. We create a place where with one donation, you can support all of these different tools. So that effort that we launched a year ago has proven remarkably successful. In the last year, over 6,000 people have donated almost $500,000 to non-profit journalism efforts that we have distributed to these projects. So we’re going to keep building on that idea that people really want to support hard-hitting non-profit journalism, but we just need to continue to make it easier for them and raise their awareness about the best journalism happening out there.
Can you also tell us about the SecureDrop project? How does that work exactly, and do you hope on expanding that to more news organizations?
Stearns: The late Aaron Swartz started coding it a couple years back. The first newsroom to implement his version of the code — it went through a security audit, and a couple security researchers found what they considered were some real challenges with it. So we actually adopted the open-source code, did a whole bunch of improvements to it, and had the same security researchers kick the tires on it and are very pleased with how it has come out.
So now we’re implementing it in newsrooms. What this will allow newsrooms to do is basically have their own WikiLeaks hosted on their own site to allow for secure, anonymous leaks and communication with sources via their website in a manner that is just about as secure as we can get it. This allows sources to leave documents for journalists or have a back-and-forth. Rather than use email, you can use this system. It allows for secure communications.
This is the sort of thing that all newsrooms really need to be thinking about because if you look at someone like Chelsea Manning, she tried to actually leak the New York Times or Washington Post before going to WikiLeaks but couldn’t figure out how. So then she went to WikiLeaks. Right now we have about two newsrooms that have implemented this, we have about a dozen more who are waiting to install it on their site, and we hope in the next couple of months to get that set up for them.
Ever since WikiLeaks and this year Edward Snowden have been in the news, how do you think the general public’s idea of whistle blowers has changed?
Stearns: We’re definitely seeing an age of increased government security and secrecy. At a time when Obama has promised to be the most transparent president ever, we’re actually seeing a situation where this administration is one of the most secretive and controlling of the press.
For critical information to reach the public, leakers are becoming a fundamental part of how that journalism process is being done in a state of such secrecy. I think the public is starting to understand that. It’s a complicated thing for the public that doesn’t fully understand what’s being released by someone like Edward Snowden. And, at a time when trust in journalism is in an all time low, the idea that journalists are the arbiters of these documents that may have national security information in them, I think is a challenge for some people.
I’ve been very appreciative of what I’ve seen in journalists, how they’ve treated these documents, what they’ve decided to reveal. So I actually think that what this is doing — and the Pew data backs this up — is renewing people’s belief in the watchdog world of journalism even while trust in journalism is still at a low level. That idea that we need journalists to be watchdogs is actually on the rise according to Pew statistics.
Have you seen an increase in journalists coming to you for these tools in the wake of the trending news? Do you think that FPF specifically has been affected by this change in perception?
Stearns: In the journalism industry, I think that the Snowden revelations have been a huge wakeup call, especially coming on the heels of learning that the Department of Justice had secretly seized 20 AP phone records. All of this stuff came at once this summer, and it has sent shockwaves through the journalism landscape. So we’ve seen a huge increase in the number of workshops and trainings and discussions at conferences and online about security and encryption tools, and we’ve definitely been flooded with requests from individual journalists and newsrooms that want to build these practices more into their routines.
Do you think this will change the way of reporting in the future?
Stearns: I think these revelations have fundamentally changed the way that journalists are going to report on sensitive activities and it’s going to make people really not take their own privacies for granted. How quickly we see widespread adoption of these encryption tools is really up in the air, and it’s going to mean that we need to really invest in these tools, which is why we’ve launched this project.
It’s a two-way street: Encryption doesn’t work if only one person is using it. You need to have the source comfortable using it, you need to have your whole newsroom feeling secure because all it takes is one colleague to open an infected email and something will get on the network. So there’s a long learning curve ahead of us. I’m really encouraged by the response so far. I think if journalism schools really step up and begin making this a part of their curriculum as well, that will help, and I hope that we can help them do that.
We’re not interested in just having encryption for the New York Times or the Washington Post or ProPublica. It’s critical that anybody who wants to implement these tools can. We’re really dedicated to making sure that freelance journalists, alternative news organizations and others of any size and budget can get up and running on these tools. This is really meant to be encryption for all, and press freedom for all as well.
Denise Lu is an editorial intern at PBS Mediashift. A journalist focusing on culture, tech and online media, she has contributed for Mashable, Pretty Much Amazing, Evolver.fm and other publications. Denise is currently a senior at the Medill School of Journalism at Northwestern University. She will be joining the design team at the Washington Post in January as part of her journalism residency.