Sitting in a baking lecture theatre at City University earlier this month, I listened in rapt awe as Seymour Hersh held forth about his work uncovering the My Lai Massacre.
He was fascinating and engaging. But in a later session he seemed to switch off. He was one member of a panel discussing Prism and the effect of surveillance on press freedom. He said we were fools for discussing it – and then leant back with his hands behind his head; a picture of bored indifference.
I think he may have been referring more to the idea that sharing journalist trade-craft in a public forum is kinda dumb – not that that will stop me (see below).
Fellow panel member Duncan Campbell – the journalist who told the world about Echelon – was more forthcoming. He warned that while security is important, it can get in the way of reporting. Too much paranoia is a bad thing; it nearly derailed the Guardian’s recent investigations into offshore tax havens.
Certainly setting up my own PGP account was complex and time-consuming, and I’d struggle to make it work with a nervous would-be source – although, if you are a nervous would-be source and you are reading this, don’t let that stop you.
The good news is that – according to Edward Snowden – not even the NSA or GCHQ can break PGP yet.
That said, having been interviewed a few times by the police, I can just imagine a line of questioning that goes: “So tell me Mr Fern, why do you have Tor on your computer? Why do you have PGP set up on your account?”
(My answer: “I’m a journalist.”)
So here are a few ideas to help maintain your confidentiality.
- Handwrite your letters and send them by post, or hand deliver them.
- Meet in person. Beer is good.
- Use PGP either constantly or sparingly (otherwise it becomes pretty obvious which emails are sensitive).
- Buy one-use mobile phones to talk to contacts…and then chuck them.
- Re-ghost your computer regularly, that is, wipe it and then reload the software.
- Never open a link or a piece of software unless you know where it is from.
- Use strong passwords. One idea is to create a random kernel of symbols, numbers and letters and then surround it with letters taken from the application you are using. So “$$**ppqrst££” becomes “F$$**ppqrst££k” for Facebook.
- Google, Microsoft, Apple, Skype…they all have backdoors built into them, so do not share sensitive information there.
Finally, just in case you think I’m a paranoid, this from Wikileaks
As I said before…beer is good.