Digital Security for Journalists | Ten Tools for PrivacyCategory: misc
A 9 Minute Read
22 Jan 2014
Image By Esther Vargas
Support The Tin Hat on Patreon! Just one dollar makes all the difference in helping me write more content!
Journalists today are facing ever-increasing security challenges. With more and more sensitive information being stored or transmitted digitally, the attack surface against journalists has become large. Often this can be of little consequence, but in some cases it can put a source's reputation, career, or even life at risk. And with governments continuing to crack down on free press, all journalists should begin to develop more robust security practices. Even those with low threat models need to at least familiarize themselves with the practices needed to operate securely, as failing to do so creates a chilling effect.
Consider this: would a source with highly valuable, but highly sensitive information come to you if they knew your current security practices? If the answer is yes, then that's fantastic. But for the majority the answer is probably no. If a source can't find a PGP key on your website, why should they have any confidence in you to keep them safe? Moreover, often people realize that they need to have stronger security only after their security is compromised, and unfortunately security cannot be improved retroactively. That's why it's a very good idea to begin improving your security practices before you need them. Fortunately, a bit of hard work and research can help lessen this problem. Here are ten tools journalists should know about.
1. Tails: The Amnesic, Incognito, Live System
Tails is one of the best ways that you can increase your level of security. Tails is an operating system that can be booted from a USB stick, and which forgets all your activity when you're done using it, leaving no trace. Of course you can also divide off a section of the USB drive where you can store files persistently and securely using encryption, but we'll get to that later. One of the main benefits to using Tails is that it is much more secure than standard operating systems such as Windows or OSX, where your data is more easily stolen.
The core feature of Tails is the way it routes traffic through the Tor network. Tor offers a great degree of anonymity and privacy by encrypting your internet connection and sending it through three servers placed around the globe. This means that it's incredibly difficult for either an adversary to see what you're doing online, or for a website or service online to know who you are. This can be useful for both communicating with a source who wishes to remain anonymous, or for researching a sensitive story. After all, reading about Al-Qaeda communication practices or underground criminal syndicates probably raises some flags on you that would best be avoided.
Tails comes preloaded with a number of other tools as well, including most of the ones that we will be discussing, so its a good thing to try out if you plan to follow the rest of this tutorial. You can download Tails from the Tails website, where installation instructions are also provided. Again, I strongly encourage all journalists to explore Tails and the tools it has to offer, as to at least be familiar with them should they ever be required (consider it practice).
2. File/Disk Encryption
Disk encryption is an integral part of any security strategy. Without encryption your files can be read regardless of how long your login password is. With disk encryption however your files are safe and secure. Again, this may not be an issue if you're reporting on your local farmer's market's summer peaches, but if you're working with anything sensitive it's important that you take this step in case your computer is seized or stolen.
As was mentioned earlier, Tails comes preloaded with tools to create an encrypted partition on your USB drive. This allows you to boot up Tails, work on a project, save the working files on the encrypted partition, and then shut down again, leaving virtually no trace of the session other than what's on the encrypted partition.
3. PGP (Pretty Good Privacy)
PGP encryption is the gold standard for encrypting emails. Using a public key to encrypt emails, and a private key to decrypt them, PGP allows other people to send you encrypted messages without you needing to give up your password. This is known as assymmetric cryptography, and can be used for encrypting files as well (although email is the most popular application). Another feature of PGP is the ability to digitally 'sign' messages or files, which allows you to prove (to a certain extent) that you were the one that sent them. Tails includes an email client called Claws Mail which includes a plugin for PGP encryption. I also have a guide on using PGP with Thunderbird, and you'll find hundreds of others scattered across the internet. Learn to use PGP, because it is considered to some to be a security-litmus test.
4. Off The Record Encryption (OTR)
Often email isn't the best option for having a conversation online, where instant messaging is far more convenient. However, encrypting instant messages is just as important as encrypting email, and fortunately there exists a brilliant method to do this. Off The Record encryption (OTR) is a system which not only encrypts your IM sessions, but offers a few features that in some ways make it better than PGP. More specifically, OTR has a property known as perfect forward secrecy (PFS), which means that in the future, even if someone held a gun to your head, there would be no practically possible way to decrypt the messages. This is in contrast to PGP, where if someone were to compromise your key they would be able to read every encrypted message that you ever received. What OTR does to achieve this is generate, and then subsequently destroy keys throughout the conversation, all without you ever noticing.
OTR also offers ways to authenticate the person you're talking to (that is to say to verify that they are who they say they are), while at the same time making it impossible to prove that anyone ever said something after the conversation is over (assuming either part isn't logging it). In a way, it returns us back to the days of having a face to face conversation, where any statements made are nothing more than 'he said, she said'.
Using OTR is remarkably easy, and you can use a program called Pidgin Messenger to do it. This can even be used to encrypt Facebook chats, though setting up a chat account on a more privacy-centric service is easy enough. I've got a guide on how to use OTR with Pidgin here, as well as how to set up an XMPP (chat) account.
As good as PGP is, email in general is fraught with a lot of problems, particularly in the way metadata is leaked. I2P-Bote is a system which helps solve those issues. You can almost think of it as if Email, PGP, and Tor had a baby, except instead of Tor, which you've probably heard of, I2P-Bote lives on the I2P network, which you probably haven't heard of. I2P is similar to Tor in many ways, but while Tor mainly focuses on reaching the regular internet, I2P is more focused on creating it's own internal, private, and anonymous internet. I2P-Bote doesn't use regular addresses like email, rather the addresses are actually the encryption keys themselves. It's a great way to communicate with people anonymously and securely, and I've got a longer write-up on exactly how I2P-Bote works and how it can help you here.
In order to use I2P-Bote, you'll need to first install I2P, or if you're using Tails activate it (which can be done through the menu). I2P-Bote also needs to be installed as a plugin, which I outline how to do in my guide (its a fairly simple process though). I rated this as medium/hard mainly because of the learning curve associated with I2P, but once you have it up and running using I2P-Bote is actually fairly straight-forward and simple.
TextSecure is a simple Android app which you can install to replace your stock text-messaging app. Basically what it does is integrate the OTR encryption discussed earlier into text messages. With TextSecure, if you message someone else without the app everything functions as normal, but if the recipient also has the app installed it will encrypt the message. This is a great tool for avoiding bulk collection/surveillance, although Android phones are known to be fairly hackable if you're being targeted. Nevertheless, it's an incredibly easy step to increase your level of privacy when talking with sources or editors, and its completely free and open source.
Redphone (Android) and Signal (iOS) are similar to TextSecure, and are in fact made by the same person (Moxie Marlinspike). These apps however work with phone calls instead of text messages. Again, if the recipient doesn't have the app installed then everything operates as usual, but if they do the entire conversation gets encrypted. These two apps, along with TextSecure, are almost 'musts' to install on your phone because of how damn simple they are to use, without having any drawbacks.
This tool is perhaps the least sexy out of all the ones listed, but remains to be just as important. Much of the population uses incredibly weak passwords. Even worse, they use the same incredibly weak passwords on multiple accounts, and unfortunately this remains one of the largest security holes that is the simplest to plug. After all, imagine if someone got the password to your email account, with every email you've ever sent to a source or editor being open for reading. KeepassX is a program which creates an encrypted database for all your passwords, allowing you to only ever have to remember the master password for the database itself. Not having to remember passwords dramatically increases how secure and complex your passwords can get. In fact, KeepassX allows you to generate 100+ long character random passwords that you can simply copy and paste into login forms. With multiple major password breaches happening every couple of months, creating long random passwords is becoming increasingly important, and makes the use of any of the encryption tools dramatically more effective.
KeepassX comes preinstalled on Tails, just remember to save the database file on your persistent partition! It would also be a good idea to protect it with a password and back it up somewhere, just in case you lose your Tails installation.
Tahoe-LAFS is a robust cloud backup solution that stores your files with the utmost security and integrity. This makes it a great solution for anyone doing journalism with sensitive information, and/or where there is a risk of your hardware being inspected or physically destroyed. For example, if you're working in a country with a repressive government you can back up your data using Tahoe-LAFS and then wipe your laptop before going through any customs. Better yet, if you do this using Tails/Tor then you're likely to bypass any online surveillance/censorship efforts as well.
Essentially the way that Tahoe-LAFS works is that it splits your files into chunks, encrypts them, and sends them to a network of servers to be stored. The main idea behind it is that not only is it provider independent, meaning that it doesn't matter even if your files are stored on NSA servers, but it is also extremely fault tolerant, meaning that your data isn't going to be lost from one server going down.
Currently, running Tahoe-LAFS requires some Linux know-how, but the developers are working on more 'Dropbox-esque' imlementations, so its worth keeping an eye on. It's also currently being integrated into Tails, where it will be perfect for persistent and secure storage between sessions. Unfortunately we don't know for sure how user friendly either of these solutions will be yet (thought I've heard good things on the development so far), but if you're versed in a command line then definitely check out LeastAuthority.com. Least Authority provides you the back-end server grid that you can upload your files to, and for $25 a month you get unlimited storage.
Ah, airgaps. These are definitely for those with some fairly high threat levels. Airgaps are computers that never connect to the internet. In fact, people who use air gaps often go as far as to destroy any wireless card, bluetooth chip, and even microphone that's attached. This provides huge security advantages, but also creates quite a few limitations and hurdles to jump over while working. Those who handle the Snowden files, such as First Look Media and Bruce Schneier, have been known to store them on air gapped computers, and probably anyone working in national security journalism should have one as well. But other than storing sensitive documents, airgaps also shine when used to encrypt and decrypt PGP protected emails, using a USB stick in between to relay the encrypted messages to a internet-connected computer. This protects against any spyware that could be compromising encryption by logging passwords or taking screenshots. Of course, air gapped computers are in a pretty high league of threat models, but it's good if you at least know what they are, because again, you often don't realize you need robust security until you should have already have had it.
A Final Note
Do remember that none of these tools can guarantee you anything, but when properly used they can be of great benefit and can mitigate risk dramatically. I strongly encourage you to read more in depth about any of the tools listed, and equally importantly how they can be compromised. But at the very least try to keep them in mind just in case any sensitive work arises.