Be paranoid - protecting sources in the digital age

Monday 13 February 2012, 18:17

Stuart Hughes Stuart Hughes is a BBC World Affairs producer. Twitter: @stuartdhughes

A journalist's right to protect the anonymity of their sources is a principle enshrined in the law of many countries.

As the European Court of Human Rights ruled in one notable case, "protection of journalistic sources is one of the basic conditions for press freedom... Without such protection, sources may be deterred from assisting the press in informing the public on matters of public interest."

For journalists covering stories involving repressive regimes, however, the main concern isn't that our sources could end up in court - it's that they could be exposed or even killed for sharing information the authorities would rather keep secret.

But with so much potentially sensitive information sitting on laptops and smartphones, and being shared through phone calls, emails and text messages, how can a journalist ensure the safety of their sources without acting like an amateur James Bond?

For guidance, I spoke to a senior consultant in the international cybersecurity industry.

"Assume the worst," was his blunt advice.

"If you're in a foreign country and you're using their infrastructure, it's reasonably safe to assume that people will be listening in and that your communications aren't secure.

"Also assume that if your computer is out of your sight at any time, or if anyone takes it off you, someone will have had a look at the hard drive and put software on it to get future information from you without your knowledge.

"Commercial antivirus software will deal with everyday threats and is important to have, but you've got to assume you're dealing with a more sophisticated adversary who'll have ways of getting around it," he said.

In reality, it's almost impossible to be sure that any communication is absolutely secure.

"There's no silver bullet - you can't go out and buy one thing that will give you 100% security," my source admitted.

Even so, here are some simple tips that journalists can employ to create a 'layered defence' system to enhance confidentiality and help keep sources safe:

- Keep any device that holds sensitive information with you at all times. Don't let it out of your sight. If it's impractical to carry your laptop with you 24 hours a day, consider using an encrypted memory stick, or create an encrypted hidden partition on your hard drive using commercially available software.

- Create a "Pocket PC" - a USB stick loaded with the free Linux operating system - to reduce the risk of sensitive data being left on an infected computer.

- Lock your laptop and smartphone with a strong password made up of a long string of letters and numbers. Also make sure that the laptop BIOS is locked down and has a strong password. Don't use any word appearing in a dictionary. A determined hacker will be able to bypass a password but it may deter an opportunist intruder.

- Hide sensitive details within a Word document by saving it in a white font to make it 'invisible' at first glance against a white background.

- Don't save documents in obvious places like the My Documents folder - store them in more obscure sections of your hard drive. Give documents 'boring' file names that won't arouse curiosity if someone casually starts browsing through your files or demands to look at your computer at a checkpoint.

- Use an open source Voice Over IP (VoIP) application such as Asterisk, rather than landlines or mobile phone networks, for more secure voice calls. Because the source code is freely available, any security loopholes are often quickly spotted and patched by developers. Making calls via Skype is safer than using local telephone networks, but because the source code is closed it's difficult to know who's able to hack it.

- 'Chunk' sensitive information and send it in small blocks using different methods of communication - email, SMS, instant messenger. Anyone monitoring your digital traffic may be able to intercept part of the message but they're less likely to be able to see the full picture if it's divided up and sent over various platforms.

- Use free or commercially available steganography software which enables you to hide encrypted data inside innocent-looking files such as photographs.

- If you're concerned that your internet activity is being monitored, mask it by using the Tor browser, which conceals the user's location and web usage. It's slower than normal browers but is more secure.

Although it's easy to become paranoid about who may be trying to monitor your communications, my cybersecurity source believes these techniques should be standard practice for any journalist concerned about information security.

"You wouldn't leave your notebook on a park bench or a train, so why would you leave your data wide open for all to see," he says.


Jump to comments pagination

This entry is now closed for comments

Share this page

More Posts

Pinterest: test-driving the latest self-expression engine

Friday 10 February 2012, 18:17

Event: Reporting the Olympic/Jubilee Year

Tuesday 14 February 2012, 10:31

About this Blog

A blog for the College of Journalism at the BBC Academy, discussing current technical, ethical, production and craft issues in journalism.

Blog Updates

Stay updated with the latest posts from the blog.

Subscribe using:

What are feeds?

Follow us on Twitter

New twitter image News and comment about journalism and interaction with the College:


Also from the College

Esra Dogramaci

Web analytics: The Basics by BBC digital consultant Esra Dogramaci


Mukul Devichand

How to be a digital innovator by Mukul Devichand, creator and series producer of BBC Trending


Writing for mobile

Writing for mobile by BBC mobile editor Nathalie Malinarich


James Montgomery

Leading innnovation in news by BBC News director of digital publishing James Montgomery


Other great places to follow debates about journalism and media:

George Brock: thoughts on journalism past, present and future from City University's head of journalism

The Media Blog: lively and often funny topical detail about UK media output

British Journalism Review: selected pieces from the authoritative quarterly journal

MediaShift: PBS monitoring of the changing media world from a US perspective

Arts & Letters Daily: more interesting ideas and good writing than you will ever have time to read

Alltop Journalism: links to the most recent posts on many journalism blogs

About the BBC: varied BBC blog about all things BBC-ish

Columbia Journalism Review: US academic perspectives

Facebook + Journalists: Facebook's own guide to its use by journalists

Jon Slattery: UK media news from the former deputy editor of Press Gazette

Meeja Law: Judith Townend's guide to media and legal issues 

Roy Greenslade: Guardian blog by the former Mirror editor now journalism prof

Wannabee Hacks: information and experiences from aspiring journalists.