It’s bad news for journalists when a government official delivers this chilling message: “I know what you are going to publish tomorrow.” Yet, these words are common in many countries where governments are spying on newsrooms and individual journalists.
While independent media are subject to the proclivity of some governments to spy and tap their communications, it is also true that some media organizations don’t protect their information from cyber-espionage and technical attacks.
Media organizations are becoming more aware of the need to protect their digital assets, such as databases, archives, contacts, directories and passwords, now that we know many African and Latin American governments have used the services of the Hacking Team, an infamous Italian company that sells malware. The problem is highlighted in this story of a group of independent Ethiopian bloggers who were targeted and arrested by their government.
To respond to this threat, organizations that have resources may purchase sophisticated computers, encrypted phones, security software, and powerful firewalls to contain attacks. They may also hire consultants and companies selling digital risk mitigation services.
When organizations don't have resources, they should take advantage of the many free and open-source digital security tools available in the market, such as Surveillance Self-Defense and Security in a Box. That’s the positive note: a culture of digital security is now growing.
However, in my visits to newsrooms in Latin America, I have noticed a disturbing trend: media organizations try to use new technology without changing their editorial processes. In some cases, news organizations use editorial workflows from the old analog era as they enter the new digital one.
For example, they use regular telephones or plain text messages to exchange sensitive information like the names of sources, content of stories, time and place of interviews, or location of reporters.
The exchanges are not encrypted; everything is discussed in phone calls that can be tapped, or non-encrypted emails and easily hackable chats.
Any government or private actor eager to "listen" to these conversations can do so at a very low cost and with a high rate of success. So media organizations are unwittingly leaving themselves open to espionage.
How can we break this vicious circle? What type of editorial change do we need to protect our information?
The answers can be found in the same organizations. They need to create new workflows, better adapted to evolving security technology, and change their processes as threats evolve. Everybody from the top to the bottom should play a role in this change, in a continuum of creativity and cooperation. This would open doors to new ideas from all members of the newsroom.
To face governments prone to spying on journalists, we need to think outside of the old and unsafe box.
Jorge Luis Sierra is an award-winning Mexican investigative reporter and editor and an expert in digital security. Learn more about his work as an ICFJ Knight Fellow here.
Main image CC-licensed via Flickr courtesy of Mike Mozart.