By Ugur Nedim and Paul Gregoire
With the scope of online and telecommunications surveillance today, it seems we’re very much living in an Orwellian age. Last week, the complete version of the Australian government’s mandatory metadata regime came into effect.
Although the data retention laws were enacted on October 13, 2015, it wasn’t until last Thursday that all internet service providers (ISPs) were required to store customer metadata – including the time and date of calls, emails, text messages and internet sessions – for a period of two years.
The implications of this regime for journalists are concerning, to say the least. While the data of the entire population is now being stored, and information on the general population can be easily accessed without a warrant, the journalist information warrant scheme allows police and other government agencies to seek access to journalists’ metadata in order to track down their sources.
The scheme will add to the reluctance of those who are aware of such transgressions to blow the whistle.
Current laws already criminalise reporting about government corruption and other forms of misconduct, including leaking ‘protected information’ even if it is in the public interest to do so.
There are laws which criminalise receiving and reporting on leaked information, reporting on ‘special intelligence operations’ even if police and government agents commit heinous crimes against innocent people in the process, reporting about human rights abuses on detentions centres and other offshore operations, and the list goes on.
These laws mean that those who seek to expose abuses, corruption and misconduct can face lengthy prison sentences for blowing the whistle. Equally, journalists and doctors can – and indeed have – been investigated for criticising the government. Such laws adversely impact on government accountability, effectively denying the population the information required to formulate informed views about government policies and actions.
And in the era of Trump, the legitimacy of journalism itself has come under attack. The recently-inaugurated US president has barred several major media outlets from his press conferences. He has referred to the press as the “enemy of the people” and repeatedly denounced articles that are critical of him and his policies as “fake news”.
Trump’s views and rhetoric are contagious, adopted by politicians around the world including right here in Australia.
A guide for journalists to protect themselves
In this darkening of the light for freedom of speech, journalist Michael Dagan recently produced a guide for journalists to protect themselves and their sources. That guide is called Online Privacy for Journalists.
Dagan assures his fellow journalists early on that “the good news is that it is nevertheless possible to make it difficult for anyone to try and intercept your emails, the text messages you’re sending or your phone calls.”
He then outlines that his tips to ensure sources and data are kept secure fall into three categories: isolating your devices and/or their environment, securing on-device applications and functions, and acting cautiously both in the digital and real world.
Communicating with a source, and safeguarding data
The journalist lists a total of nineteen tips when it comes to communicating with a source, and storing sensitive data. These include always encrypting everything. He recommends using AES (Advanced Encryption Standard) and he also stresses performing full disk encryption on your computer or phone.
Another point is to watch the way you communicate with your sources. Avoid chatting with them on the phone, as telcos are storing the data. Instead you should use a secure call service like Signal Private Messenger, which is what Edward Snowden actually recommends.
As well as monitoring calls, law enforcement agencies can also intercept text messages, which can be read, Dagan notes. So he suggests using a messaging service that allows for “secure end to end call.” Along with Signal App, he recommends Telegram, while some experts suggest Silence.
It’s also important to remember to educate a source on how they should secure the information on their side, as it’s too late if they contact you and divulge all their sensitive information using an insecure means of communication.
A few other practical tips are avoid keeping notes on your devices, especially a source’s name or initials. Be aware of the environment you’re meeting a source in. He recommends staying away from shopping malls, which are filled with cameras, and suggests that you don’t use public transport. And if you jot down any information on a piece of paper, always remember to destroy it.
According to Dagan, a journalist should try to avoid being tracked while they’re browsing online, as this can lead to providing hints on what they’re working on, or even their source’s identity.
Using your browser’s private browsing mode to maintain online anonymity doesn’t work, as it only hides what you’ve been looking at from your family members. All the sites you’ve been visiting are still exposed to your ISP. While using alternative browsers like Dooble, Comodo Dragon and SRWare Iron – which focus on privacy – can be helpful, they’re not foolproof.
But then there’s Tor. The browser that “routes you through three encrypted random relays around the world, before landing you at your destination.” Developed by the US Navy, Tor can be a little slow and cumbersome, but it’s very difficult to monitor your activities whilst using it.
Dagan warns that while using Tor, “you should also bear in mind that your neighbours may be shady characters.” Tor utilises the dark web: the part of the internet that is only accessible using special software. It’s where the notorious drug market the Silk Road operated before the FBI brought it down.
Now that Australia’s metadata regime is in full gear many experts are recommending people start using a virtual private network (VPN), and Dagan makes the same suggestion for journalists. A VPN creates a secure connection between your computer and another network that hides your online activities from your ISP.
But to ensure you’re using a safe VPN, Dagan recommends finding a company that isn’t located in one of the Fourteen Eyes countries.
They’re a group of countries where intelligence networks are allowed to collect and share information with one another. Established under the UKUSA Agreement back in 1946, the initial group was called the Five Eyes, and comprised of the USA, the UK, Australia, Canada and New Zealand.
And instead of using Google, or similar search engines, if you use one like DuckDuckGo, they don’t store your information, so you can avoid being monitored completely.
Dagan ends the guide with some practical tips for journalists to avoid authorities snooping around in their private emails.
If you’re using email services like Gmail or Yahoo, you can install the browser plugin Mailvelope. And providing both you and the recipient are using the extension, then you can send encrypted emails to one another.
There are also secure email providers, such as Hushmail, which provide added security features that regular email services don’t. However, Dagan does warn that email providers like this may be forced to handover the information they store to the US government under a court order.
There’s also the option of using a disposable temporary email address, which is created simply to use for a specific purpose and is deleted afterwards. It’s totally anonymous. The Guardian has recommends using Guerrilla Mail or Mailinator.
And one last point that the author makes is to continue to watch out for phishing: a fraudulent email that looks as if it’s been sent from someone you know. He suggests keeping an eye out for little misspellings in the “from” field, where one letter in a name might have been changed in order to fool you.
Dagan concludes his guide with a quote from journalist Tony Loci about the extent of online surveillance and the future of cross border journalism. “Some journalists, computer scientists and privacy advocates are so alarmed that they recommend reporters go old school… and rely on in-person interviews and snail mail.”