Encrypted email helps journalists 'digitally whisper'

by Jessica Weiss
Jan 20, 2014 in Journalism Basics

Whether following a tip, breaking news or combing through facts, sometimes a journalist's job involves working quietly under the radar--or even undercover.

According to U.S.-based digital communication nonprofit LEAP, all journalists should have the right to “digitally whisper,” or communicate without being tracked.

But whispering online can seem especially challenging these days, when advances in surveillance technology are “rapidly eroding the ability to do so,” according to LEAP's website. In some cases, journalists’ emails are being hacked. But in more extreme instances, journalists and activists are hurt or even killed after their communication technologies betray their identity, location and conversations.

In the coming weeks, LEAP will unveil an open-source, encrypted email that it hopes will be useful for journalists and newsrooms, many of which still rely on email as the main form of online communication. The free email system is being touted both for its high security and ease of use.

Here’s how it works: The software is downloaded and installed and then used in conjunction with a standard email client (such as Thunderbird, Apple Mail or Outlook). The email client connects to a local proxy, and LEAP’s “Bitmask” application takes over all the encryption services, enabling the service provider to encrypt all incoming messages so that only the intended recipients can read them.

To achieve this, LEAP “automates the key-exchange part of the encryption process, which is probably the most cumbersome component,” writes Laura Kirchner in Columbia Journalism Review. “LEAP also makes sure that the service provider never has access to your data, because the encrypting and de-encrypting all happens on your computer. Significantly, LEAP also encrypts message metadata in addition to the content of the messages themselves.”

Kirchner points out that this security does have a trade-off: Using LEAP means you can’t log in to your email through the web; you have to enter through the software on your computer.

Among the software’s other known limitations, the initial release also will not support email aliases, email forwarding or multiple accounts simultaneously.

Still, "what you lose in convenience, you gain in control,” Kirchner writes. “The service provider you use to send your email won’t be able to read your mail.”

LEAP’s first service was Encrypted Internet Proxy, introduced in 2013, which provides circumvention, location anonymization, and traffic encryption.

Now, after a year of development, the public beta of client-encrypted email will launch in the coming weeks, and journalists are invited to try it out.

To learn more, visit LEAP.

Jessica Weiss, a former IJNet managing editor, is a Buenos Aires-based freelancer.

Image courtesy of Flickr user David Bleasdale under a Creative Commons license.