Paranoia, Prism and the Centre for Investigative Journalism

Sitting in a baking lecture theatre at City University earlier this month I listened with in rapt awe as Seymour Hersh held forth about his work uncovering the Mai Lai Massacre .

He was fascinating and engaging. But in a later session he seemed to switch off.  He was one member of a panel discussing Prism and the effect of surveillance on press freedom.  He said we were fools for discussing it – and then lent back with his hands behind his head; a picture of bored indifference.

I think he may have been referring more to the idea that sharing journalist trade-craft in a public forum is kinda dum – not that that will stop me (see below).

Fellow panel member Duncan Campbell – the journalist who told the world about Echelon – was more forthcoming. He warned that while security is important, it can get in the way of reporting.  Too much paranoia is a bad thing, it nearly derailed the Guardian’s recent investigations into offshore tax havens.

Certainly setting up my own PGP account was complex and time-consuming, and I’d struggle to make it work with a nervous would-be source – although, if you are a nervous would-be source and you are reading this, don’t let that stop you.

The good news is that – according to Edward Snowden – not even the NSA or GCHQ can break PGP yet.

That said, having been interviewed a few times by the police, I can just imagine a line of questioning that goes; “So tell me Mr Fern, why do you have Tor on your computer?  Why do you have PGP set up on your account?”

(My answer: “I’m a journalist.”)

So here are a few ideas to help maintain your confidentiality.

  • Handwrite your letters and send them by post, or hand deliver them.
  • Meet in person. Beer is good.
  • Use PGP either constantly or sparingly (otherwise it becomes pretty obvious which emails are sensitive).
  • Buy one-use mobile phones to talk to contacts…and then chuck them.
  • Re-ghost, that is wipe and then reload the software, on your computer regularly.
  • Never open a link or a piece of software unless you know where it is from.
  • Use strong passwords one idea is to create a random kernel of symbols numbers and letters and then surround it with letters gained from the application you are using. So “$$**ppqrst££” becomes “F$$**ppqrst££k” for Facebook.
  • Google, Microsoft, Apple, Skype…they all have backdoors built into them, so do not share sensitive information there.

Finally, just in case you think I’m a paranoid, this from Wikileaks

As I said before…beer is good.

Comments are closed.