Computational Journalism
December 1, 2017
This class
Digital Security Basics
Mass Surveillance and Privacy
Legal Landscape
Threat Modeling
Secure Reporting Recipes
Case Study: Leaked Cables
Digital Security Basics
What everyone in the organization needs to do
Passwords and 2-step login
Don't fall for phishing
Encrypt your devices
Check your social media and cloud storage permissions
LinkedIn: from June 2012 breach
Gawker: from Dec 2010 breach
Two-Factor Authentication
Something you know, plus something you have
Good Password Practice
If you use the same password for multiple sites, your password is only
as strong as the security on the weakest site.
Protection: beware links that take you to a login page! Always read
the URL after clicking a link from a message.
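The "read the URL" check above, written out as an added example (not part of the original slides): a Python sketch that extracts the real host from a link and compares it with the site you expected to log in to. All domain names are constructed placeholders, and `check_login_url` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_domain):
    """Return (safe, reason) for a link that claims to lead to expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    if parts.scheme != "https":
        return (False, "not https")
    if parts.username is not None:
        # Text before '@' is a user name, not the site being contacted.
        return (False, "userinfo before @ hides real host " + host)
    if any(label.startswith("xn--") for label in host.split(".")):
        # Punycode labels can render as look-alike characters.
        return (False, "punycode label in " + host)
    if host == expected or host.endswith("." + expected):
        return (True, "host is " + host)
    if expected in url.lower():
        # The trusted name shows up as a subdomain prefix, path or parameter.
        return (False, "expected name appears, but real host is " + host)
    return (False, "different site: " + host)

# Constructed sample links (reserved example/test domains only).
SAMPLES = [
    "https://news.example.org/login",
    "https://login.news.example.org:443/session",
    "https://news.example.org@evil.test/login",
    "https://news.example.org.evil.test/login",
    "https://evil.test/news.example.org/login",
    "https://xn--newsexample-abc.test/login",
    "http://news.example.org/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        safe, reason = check_login_url(link, "news.example.org")
        print(("OK   " if safe else "STOP ") + link + "  (" + reason + ")")
```

The host is read from the right: only a link whose host is the expected domain, or ends in a dot followed by it, passes.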
AP Twitter Hacked by Phishing
AP Phishing Email
Browsers have CA keys built in, so they can verify that a site has a
valid signed key.
In the U.S., the Privacy Protection Act prevents police from seizing
journalists' data without a warrant... if you're the one storing it.
And requested by law enforcement.
Pictured: Facebook requests, Q1-Q2 2015
Threat Modeling
How to plan for a sensitive story
What do I want to keep private?
(Messages, locations, identities, networks...)
Axolotl Ratchet protocol provides forward secrecy.
Android, iPhone, Desktop.
Signal vs. Law Enforcement
Email
Email is difficult to secure. Avoid it if you can.
It is much harder.
If they have a gmail address, and you have a gmail address, and
Google is unlikely to cooperate with your adversary, use gmail.
From whatismyip.com
Torproject.org
Tor Browser Bundle
IP address in web server logs reveals story in progress
[Diagram series with the labels "E", "M", "L", "password", "Assange" and "Leigh". Panels: What Assange was thinking; What Leigh was thinking; What actually happened (with the added labels "WL Archive" and "password").]
Digital security for journalists in one slide
Use real passwords + 2 step login. Recognize phishing. Encrypt your devices.
Know what social media reveals.
Use threat modeling to make a plan for your story. Know what you are
protecting from whom. Integrate digital with physical, legal, operational
security.
Know exactly what data is sensitive, how many copies there are, and where.
Some resources
Committee to Protect Journalists information security guide
http://www.cpj.org/reports/2012/04/information-security.php