Making a case for encryption, from guacamole recipes to top-secret documents

par Jorge Luis Sierra
30 oct 2018 dans Digital and Physical Safety
code

Encrypt everything, including guacamole recipes.

This advice was tweeted by Eva Galperin of the Electronic Frontier Foundation, a San Francisco-based organization committed to the defense of privacy and Internet freedom.

She meant everybody should use this tool to protect all of their online communications.

She is very right: encryption, a process to code information in such a way that only authorized people can read it, should be a matter of everyday practice for any journalist.

All journalists, whether they work in conflict zones, investigate corruption or cover local politics, need to learn how to encrypt their digital voice and text communications. Media adversaries, whether governments, criminal organizations, corrupt officials or companies, can now easily hack journalists’ communications, learn sources’ identities, obstruct sensitive investigations and even destroy or alter electronic documents.

Aside from particular threats they face, journalists should adopt encryption to fight surveillance and make it harder for their adversaries: if all journalists use encryption, it will be much more expensive for adversaries to spy on all of them than to spy on the few who are currently using these technologies.

Fortunately, technology is on the side of journalists and bloggers. Encryption has become an important part of both open source and proprietary communications technology. After Edward Snowden leaked thousands of NSA communications, using technology companies as back doors to the federal agency, Facebook, Google and Microsoft put a stronger focus on security and offer new services like https per defaulttwo-step verification and end-to-end encryption.

Classic tools on the market

There are important steps journalists should take to ensure a safer environment and improve communications security:

  • If your work is under threat from repressive regimes or non-state actors such as private intelligence corporations or criminal organizations, make sure you use all security features of FacebookSkype or Google Hangout, and do not exchange sensitive information through them. Remember that FacebookSkype and Google Hangout messages are permanently stored in their servers, and repressive government can access them through judicial orders.

  • Use only strong passwords. Remember that your username and password are the public and private keys that those companies use to encrypt and decrypt peer-to-peer communication. It is also convenient to enroll in a two-step authentication system so you reduce the chances of intrusion in your accounts.

  • If you use Facebook or Google Hangout, use encrypting tools such as Adium (OS) or Pidgin (Windows) to add a second layer of encryption to your communication. Unfortunately, those tools don’t support Skype chat yet.

New tools on the market

You can use other encrypting applications to secure your data. Jitsi Meet and Peerio are great free open source tools to encrypt your communication. Remember that those tools don’t protect you against key-loggers or untrusted contacts:

Peerio

This new tool provides end-to-end encrypted text communication. Users get a miniLock ID and a cryptographically generated avatar, so they can verify contacts’ identity at a glance. Data is not only encrypted when it travels from one server to another. Shared files remain encrypted until authorized users open them.

Cryptocat

Although this free open source tool has been on the market for some time, it was still unknown to most journalists I have trained over the last two years. You can use it on your browser or your mobile phone. Everything is encrypted before the data leaves the device. You can organize chat groups and send encrypted files and photos. You can encrypt your Facebook messenger communications.

Jitsi Meet

This is a free and open source tool with encryption by default to conduct video and audio conferences, text messages and exchange documents. As it requires no account to use it, you don’t have to share your encryption keys with any company. It supports the Off the Record protocol, meaning that you can integrate Adium or Pidgin functionalities. It offers the same features as Google Hangout or Skype without lack of privacy issues. The tool allows you to set up a password to lock your chat room.

I hope these tips are useful for you. If you want a good guacamole recipe, please click here.

Jorge Luis Sierra is an award-winning Mexican investigative reporter and editor and an expert in digital security. Learn more about his work as an ICFJ Knight Fellow here. This post is also published on The Huffington Post as part of its Next Ten campaign

Main image CC-licensed by Flickr via Yuri Samoilov.