You are a photojournalist in Syria with digital images you want to get out of the country. The source might lose their job or face legal trouble. If they are identified before the story comes out, at the very least you will lose your source. You are reporting on insider trading at a large bank and talking secretly to a whistleblower who may give you documents.
You would prefer that the police commissioner not know of your story before it is ready to be published, to avoid any possible interference. You have talked to sources including police officers and victims. You are reporting a story about local police misconduct. These are simplified versions of real situations that journalists have faced. To make this concrete, throughout the rest of this post I’ll refer to the following security scenarios. Threat modeling is a general approach to thinking through your security needs and coming up with a plan that suits your unique circumstance. My goal is to turn unknown unknowns into known unknowns. Nonetheless, I hope to provide a useful conceptual framework. That is not possible in a single article. In fact, this is not even a comprehensive reference on the technical aspects of information security. This is not a guide to journalism security in general, which would include the physical safety of reporters and sources. Not only are legal, physical, and operational concerns crucial to information security, but information security is only one part of security. In reality, though, all aspects of security are indivisible. (And of course, Source is a data journalism resource.) It has much less to say on the legal, physical, and operational aspects of information security. It goes into some detail on the technical aspects of information security because reporting now depends heavily on information technology. This is a brief introduction to journalism information security. Either way, the ethics of journalism demand that we attend closely to security. If you can ensure safety, you can do important work that would otherwise be too risky.
A good security plan should plausibly reduce the risk of something bad happening, and mitigate the damage if the worst does happen-but security is also about making things possible. There are two ways to look at the goal of security work.
It comes from understanding your security problem thoroughly, and successfully executing a plan to mitigate your specific risks.
CRYPTOCAT AUTHOR SOCIAL MEDIA INSANELY FAST SOFTWARE
A security plan might involve specific software tools, but security doesn’t come from software. There are many ways to do this, but this post is structured around four basic questions.Īfter you answer these questions you will be able to make a security plan, a set of practices that everyone involved in the story must understand and follow. The goal is to construct a picture-in some ways no more than an educated guess-of what you’re up against. This is called threat modeling and is the first step in any security analysis. This work begins with thinking through what it is you have to protect, and from whom. But assuming that everyone you are working with is already up to speed on basic computer security practice, there’s a lot more you can do to provide security for a specific, sensitive story. If one of your colleagues uses weak passwords or clicks on a phishing link, more sophisticated efforts are wasted. In part one of this series, we covered the digital security precautions that everyone in news organizations should take. If you know that your work as a journalist will involve specific risks, you need a specific security plan.
0 kommentar(er)
