(This was first published in the SI network for The Local)
After the sensational, yet revealing intelligence leaks by Edward Snowden in 2013, the perception of internet being a safe haven, and a truly democratic platform for expression has been hampered. In most cases, by not denying them, the veracity of claims of mass surveillance by intelligence agencies have been acknowledged. As a consequence of which, many free speech advocates, globally, have raised flags of concern. Instances where whistle-blowers and journalists have been persecuted using weaknesses in security of digital communication tools have become a growing concern. I was inquisitive to learn what the Swedish journalists made of these leaks.
Gräv, the annual gathering of journalists in Sweden discussing investigative journalism was an apt platform to get a sense of how the Swedish journalism fraternity perceived this issue. With more than 400 journalists from across Sweden and about 50 international journalists, the event was the best arena to inquire into the post-Snowden epoch in digital security.
Inadequate efforts
SvenBergman, a prolific investigative journalist, now working for Sveriges Television's scoop program Uppdrag granskning, in his session during a focused workshop in Gräv, emphasized the need for journalists to secure their communications. Having worked on sensitive stories involving anonymous sources, he had tried many measures ranging from using basic tools like PGP encryption, to advanced measures like using air-gap computers.
When asked if there was a change in etiquette amongst rest of the journalist fraternity in Sweden, after Snowden revelations, Sven said that the concern had grown, but efforts taken weren't adequate. “Yes, and no. People are more aware of the possible threats when using internet based communication, but there is lack of education in using these security measures, which needs to be changed”, he said. He also pointed at a recent incident, when a major Swedish newspaper, Aftobladet published it's private encryption keys along with the user manual it had put together for its employees. The intent was to encourage it's employees to use PGP based encryption, but publishing the private keys jeopardized the whole initiative. Making one's private key available in public is analogous to investing in the most sophisticated security set up for your home, and finally leaving a post-it with the access code at your entrance.
Incidents like publishing private PGP keys by a major newspaper are not frivolous, to be laughed at. They highlight the bigger issue of the need to educate journalists and common public alike, in using digital security measures.
Based on a survey I conducted at Gräv, the concern raised by Sven Bergman and others during the conference was affirmed. An overwhelming majority of more than 100 participants in the survey were aware of the mass surveillance programs, and agreed that it was a risk to journalism and free speech. But less than 20% of the participants had used any security measures at all. They attributed this to the lack of education of these security tools.
Changing from within
There have been initiatives within the ambit of journalists in Sweden to popularize use of digital security. For instance, a representative from Journalistförbundet, the Swedish union for journalists, Peter Skyhag said that their organization had been trying to educate journalists, adding, “We have experts who conduct special workshops to train and educate journalists on using encryption and other basic security measures”. Peter also brought to notice a primer on internet security for journalists put together by three journalists in collaboration with Journalistförbundet. The manual, Digitalt källskydd, is available in Swedish, under Creative Commons license for journalists to understand the need for, and to learn basic security measures when using internet-based, and other digital communication services.
The disconnect in journalists not being able to widely adopt digital security measures like encryption in mail, chat or browsing seems to be three-fold. As with all technology, the adoption of security tools has a learning curve, and without comprehensive education aimed at training journalists, there cannot be widespread adoption of digital security. Secondly, the fact that the tools themselves aren't intuitive, makes it tedious to adopt them. This prompts technologists to make these tools more accessible to everyone, by making them user-friendly. Finally, the journalists need to understand the compulsion of having to secure their communications, in order to protect themselves and their sources.
Nils Hanson from SVT, with generic tips on digital security. |
Gräv, the annual gathering of journalists in Sweden discussing investigative journalism was an apt platform to get a sense of how the Swedish journalism fraternity perceived this issue. With more than 400 journalists from across Sweden and about 50 international journalists, the event was the best arena to inquire into the post-Snowden epoch in digital security.
Inadequate efforts
SvenBergman, a prolific investigative journalist, now working for Sveriges Television's scoop program Uppdrag granskning, in his session during a focused workshop in Gräv, emphasized the need for journalists to secure their communications. Having worked on sensitive stories involving anonymous sources, he had tried many measures ranging from using basic tools like PGP encryption, to advanced measures like using air-gap computers.
When asked if there was a change in etiquette amongst rest of the journalist fraternity in Sweden, after Snowden revelations, Sven said that the concern had grown, but efforts taken weren't adequate. “Yes, and no. People are more aware of the possible threats when using internet based communication, but there is lack of education in using these security measures, which needs to be changed”, he said. He also pointed at a recent incident, when a major Swedish newspaper, Aftobladet published it's private encryption keys along with the user manual it had put together for its employees. The intent was to encourage it's employees to use PGP based encryption, but publishing the private keys jeopardized the whole initiative. Making one's private key available in public is analogous to investing in the most sophisticated security set up for your home, and finally leaving a post-it with the access code at your entrance.
Incidents like publishing private PGP keys by a major newspaper are not frivolous, to be laughed at. They highlight the bigger issue of the need to educate journalists and common public alike, in using digital security measures.
Based on a survey I conducted at Gräv, the concern raised by Sven Bergman and others during the conference was affirmed. An overwhelming majority of more than 100 participants in the survey were aware of the mass surveillance programs, and agreed that it was a risk to journalism and free speech. But less than 20% of the participants had used any security measures at all. They attributed this to the lack of education of these security tools.
Changing from within
There have been initiatives within the ambit of journalists in Sweden to popularize use of digital security. For instance, a representative from Journalistförbundet, the Swedish union for journalists, Peter Skyhag said that their organization had been trying to educate journalists, adding, “We have experts who conduct special workshops to train and educate journalists on using encryption and other basic security measures”. Peter also brought to notice a primer on internet security for journalists put together by three journalists in collaboration with Journalistförbundet. The manual, Digitalt källskydd, is available in Swedish, under Creative Commons license for journalists to understand the need for, and to learn basic security measures when using internet-based, and other digital communication services.
The disconnect in journalists not being able to widely adopt digital security measures like encryption in mail, chat or browsing seems to be three-fold. As with all technology, the adoption of security tools has a learning curve, and without comprehensive education aimed at training journalists, there cannot be widespread adoption of digital security. Secondly, the fact that the tools themselves aren't intuitive, makes it tedious to adopt them. This prompts technologists to make these tools more accessible to everyone, by making them user-friendly. Finally, the journalists need to understand the compulsion of having to secure their communications, in order to protect themselves and their sources.