In the fall of 2011, the British journalist and documentarian Sean McAllister was in Syria interviewing underground activists. They had agreed to be interviewed to spread the word about their team’s work outside of Syria, under assurances from McAllister that their identity would not be revealed.
However, McAllister failed to encrypt his mobile and SMS data, which included raw footage of interviews with activists whom the Syrian regime was hunting down and the names and contact details of his sources. A few days after the interview, McAllister was arrested and his hotel raided. His files were taken, and some of the interviewed activists fled the country; others were arrested, some of them never heard from again.
While new technologies have democratized free expression, they have also expanded risk. Surveillance means that governments or hostile actors can come after you anytime — and they do.
Many of the most repressive states are cracking down on dissent by leveraging information gained through technology.
For journalists, this means that if you do not know how to keep your digital tools safe, you — and those you come in contact with — are now at significantly increased risk.
Internews partners with journalists and media organizations in some of the most dangerous places on earth — from Ukraine to South Sudan to Afghanistan. In the face of a host of new dangers, new responses are also needed. Whether it is education for individual journalists or affordable digital security support for media and NGOs, keeping our partners safe is a top priority.
Here are five key ways to prepare front-line journalists and activists to protect themselves, their sources and their partners.
1. Talk openly about the risks that journalists face.
Last year, amid the anti-government movement taking hold in Ukraine, journalists on the front lines of the Maidan protests (and everyone else in the area) received a blast SMS message making clear that the government knew who was covering the protests. The journalism community quickly found itself in a physically and digitally insecure environment, in the crosshairs of both types of attacks.
The SMS message, and the government’s subsequent censorship of Facebook and Twitter, revealed not only the extent of government surveillance and censorship, but also that many journalists were uninformed about online security — making them even more vulnerable to threats.
In response, Internews developed an integrated training program involving physical and digital security, which continues today — providing operational security guidance and support to local media on the ground.
Before starting the training sessions, most of the journalists we worked with were unaware of the daily digital security risks they faced. For example, we discovered how transparent they were on Facebook. Many of their profiles were public, disclosing their activities, locations, phone numbers and even networks for anyone who wanted to do them harm to see.
Beyond Ukraine, we are working on the initiatives LevelUp and SaferJourno to “train the trainers” about digital security. In our experience, this approach is as important as training journalists and activists directly, enabling these communities to understand complex technology challenges and teach each other at the local level.
2. Make digital security tools easier and faster to use.
Journalists’ workflows and tight deadlines don’t allow much free time to spend using security tools that involve multiple steps.
And unlike in large organizations, which can afford comprehensive security training and auditing, smaller organizations often struggle to keep up with the security solutions that are most practical for them.
In response, we recently developed SAFETAG, a security audit designed especially for small organizations. Adapted from the security auditing process for large companies, the program focuses on what an organization needs help with and is concerned about, and uncovers the high risk points.
The one-week audit consists of interviews, exercises and verification processes — including unearthing what the organization thinks it does versus what it actually does. For example, an organization may say it doesn’t use Dropbox, when in fact the employees use it every day: in those situations, how can we help them make all their processes and practices — not just the official ones — safer?
We’ve found that this process — which ends with an achievable roadmap for the organization to follow — helps even the smallest organizations make meaningful, concrete changes to how they work. We have also started training auditors in the global south to enable us to spread the program further.
3. Make licensed software more accessible to journalists in less developed countries.
One important factor in helping journalists stay safe online is cost. Using secure software can be unaffordable in many parts of the world, especially for journalists who live in countries without access to credit or where $100 is a major expense.
Secure software needs to be licensed, rather than pirated, and it also needs to be updated — both significant costs. Add to that the cost of encrypting mobile and desktop devices for certain operating systems, and using up-to-date anti-virus and anti-malware software, and it can easily be prohibitive.
Using free, open source operating systems isn’t always a viable option, either. They’re not as easy to use as licensed software, and they don’t support widely used programs like Microsoft Office.
Many of our partners rely on grants to use and maintain secure software. So we’re working to support increased access to free or heavily discounted copies of licensed software for registered non-profits and media in less developed countries.
4. Give developers more support to accelerate the building of digital security tools.
We’ve found that, on the other side of the coin, the developers building digital security tools also need more funding and support. A lot of them have day jobs, and give their free time to contribute to the tools that are open source and therefore free.
By giving grants to developers, we’re working to accelerate tool development and enable developers to spend more time doing this crucial work.
5. Develop digital security tools for specific communities and regions.
A lot of time and money go into building universal digital security tools, such as PGP. But we’ve found that some regions and communities need additional tools that minimize the unique risks they face.
Working with four different communities in less developed countries, we are piloting an initiative called Usable — aiming to create digital security tools at the community level.
The pilot communities are LGBTI activists, women’s rights activists, disabled people and journalists in different parts of the developing world. Starting with an assessment, the program looks at what the communities do on a daily basis, what worries them most and what they need solutions for.
We then will evaluate which tools would be most useful to them, and share that information back with developers so they can build tools targeted to these communities — supporting both the developers and the organizations involved with a human-centered design approach.
The idea is to help fund security tools around usability gaps, which may vary by community or prove to be cross-cultural and cross-community. For example, we’ve discovered that not enough developers are working on secure, open source mobile communication tools.
We hope that these strategies will help improve security for journalists, human rights workers and activists working on the front lines.
Marjorie Rouse is Senior Vice President for Programs at Internews.
(This story was originally posted on Medium.)