by Abby Plener
 
IMG_2424While working on “Cyberwar” with Vice, filmmaker Dylan Reibling contacted a source for a story. The source was a hacker who had attended the Black Hat information security conference. Shortly after Vice e-mailed him, that same source got a call from the FBI.

Perhaps it was just a coincidence. But nonetheless, the source was concerned he was being surveilled and was hesitant to speak to journalists. For Dylan and his team, “It was a wake-up call that we have to be more careful,” and take steps to respond to sources’ concerns about digital security.

Reibling joined fellow panelists Annie Sakkab and Nasma Ahmed for a discussion on how journalists can prepare themselves to confront such dilemmas. The event was hosted by the Canadian Media Guild, Off Assignment Toronto, and CWA Canada at Page One cafe in downtown Toronto on July 10.

The panelists

Dylan Reibling is an award-winning filmmaker who recently worked on Vice’s “Cyberwar”, a show that follows subjects connected to cyberwarfare.

Annie Sakkab is a photojournalist and social documentary photographer who lived and worked in Toronto, London, Rome, Dubai and Amman.

Nasma Ahmed is a technologist, developer and community organizer.

The panel was moderated by Susana Ferreira, an award-winning freelance writer and radio producer who is also involved in the  Off Assignment Toronto chapter.

Here’s some of the panelists’ advice:

Define Your Own Threat Model

Tackling digital security can feel overwhelming, and users need to figure out what solutions make sense for them. Threat-modeling helps users do that analysis.

As Ahmed explained, “You need to figure out what your vulnerabilities are, what you’re okay with risking, and think through all the different possibilities.” For example, Ahmed often works with young women who fear the use of doxxing. (Doxxing is when someone’s personal information is released online without their consent). Users who are afraid of doxxing might take specific online security steps, such as locking social media accounts. Every situation is unique and your security practices should be tailored to your needs.  

After the Muslim ban was enacted in early 2017, Ahmed had to travel to the U.S. for work. As a Somali-Canadian who wears a hijab, she was nervous about crossing the border. Many security experts online recommended that travelers carry a burner phone when crossing the border.

But for Ahmed, she felt carrying a burner phone would make her look more suspicious to authorities, especially as someone who is visibly Muslim. A lot of the security advice given on Twitter wasn’t helpful to her. “You need a strong understanding of your personal threats.”

How to Protect Yourself and Your Sources

There are plenty of different web tools and software available to help users tackle digital security – from anonymous browsing tools like Tor, to encrypted communication apps like Signal (See the resources section below for further reading).

For Annie, she uses a different name online to protect herself, and she backs up her computer before she travels so she only needs to carry an empty disc with her.

With anonymous sources, Reibling made sure no identifying features were included in the story, used encrypted communication to contact them, chose strategic meeting locations and made sure the source’s contact information was kept confidential between other staff working on the show.

Know Your Rights

Before travelling, know what your rights are and take precaution with your devices accordingly. Journalists may consider using an encrypted hard drive, or moving sensitive material to another device before crossing the border.

Currently, if Canadians are stopped at the U.S. border, they have right to walk away from security officials and return to Canada. But if Bill C-23 becomes law, U.S. officials would have additional powers to question Canadian citizens and permanent residents at the border.

Preparing Sources & Informed Consent

For sources, being featured in the media can affect their personal security both on and offline. Reibling and Sakkab have both had situations where they wondered how their story might affect their sources’ future, and if those ramifications were fully understood before they agreed to go on record. For Sakkab, because she works in different parts of the world, she tries to be cognizant of the unique religious or cultural dynamics that may impact her subjects. When she works in the Middle East, “A lot of the time, the privacy of the women is very important to protect.”

“Even a good media story can bring bad trolling or even attempts of doxxing,” said Ahmed.

Ahmed recently experienced this form of backlash first-hand, after organizing a graduation event for black U of T students. The event was widely reported on, leading to personal attacks online towards Ahmed and her fellow organizers. Ahmed said media producers need to warn sources about these possibilities so they can prepare themselves. As someone who works in digital spaces, Ahmed was prepared, but not all sources are well-versed in these threats.

“There’s a responsibility, [for media] because people’s lives have been at-risk because of coverage,” she said.

What can newsrooms do?

The panelists agreed that newsrooms need to take the threat of digital security seriously and provide resources for journalists and sources when possible.

Reibling noted that if journalists are expected to protect their sources, especially those that have access to sensitive information, they need to know whether the newsrooms they work for will stand by them. (The Supreme Court of Canada is currently being asked to clarify source protection laws, after journalist Ben Makuch refused to give up a source’s information to the RCMP.)

“I feel I’m not protected. I feel like I’m alone,” said Sakkab, who works as a freelancer and feels especially vulnerable navigating security issues without an institution behind her. Sakkab suggested media organizations could provide freelancers with a digital security tool kit, with suggestions of apps and software they can use in the field.

Ahmed pointed to media organizations like The Guardian, which has published how-to guides for readers to contact their newsroom confidentially. Ahmed said making information like that easily available and accessible to users is a great first step.

Audience members at the Media Mixer noted that at many large media organizations, it can be challenging for individual journalists to demand that these concerns be taken seriously company-wide. Ahmed encouraged attendees to demand more from their employers, especially when cyber surveillance continues to put sources’ lives in danger.

Resources

Like any technology, digital security software will continue to evolve. Below are links to guides on digital security. Be sure to connect with other journalists and organizations like the ones below to keep tabs on best practices.

POSTED IN: Features