Since the passing of the Investigatory Powers Act (IPA) in November 2016, journalists in the UK have found themselves in unchartered territory.
Speaking at news:rewired today, Silkie Carlo, technology policy officer at independent human rights organisation Liberty, painted a bleak picture of journalists’ security following the Snowden revelations and the passing of the IPA.
How scared should journalists be of the IPA?
In short: very, said Carlo. The IPA is the most comprehensive surveillance act in any western democracy.
The IPA, also known as the “snooper’s charter”, allows the British government to gain access to people’s “communications data”, which include: location data (where the user is), Internet history, usernames and passwords, billing data, physical addresses and items within the content of an email.
It also allows the government and members of the security apparatus to monitor and listen to what a user is doing on his or her device, and take control of a device to modify and operate its webcam, microphone and items contained inside.
“If authorities wanted to hack your machine, they’re going to do it,” Carlo said. “And you’re not going to know about it.”
Carlo reminded the audience of a few horror stories before the IPA was passed: members of GCHQ visiting the Guardian’s offices to destroy hard drives containing documents leaked by Edward Snowden; officials at Heathrow Airport detaining and interrogating David Miranda (the partner of former Guardian journalist Glenn Greenwald) under the Terrorism Act; and police seizing the laptop of BBC Newsnight reporter Secunder Kermani to read communications between the journalist and a source who had publicly identified himself as a member of the self-styled Islamic State.
With the IPA in place, it seems as though the government’s powers will continue to grow, she said.
“Journalists have to be aware that if they are doing any stories that could be of interest to the police or the security agencies, they do face a real risk of being intercepted,” thanks to the government’s expanded powers under the IPA, Carlo told Journalism.co.uk last August.
Speaking at news:rewired, she offered some tips on how journalists should protect themselves against hacks and interceptions.
Download her security handbook, Information Security for Journalists
The guide, co-authored by Carlo for The Centre for Investigative Journalism and written with freelancers in mind, underlines precautions that journalists should take, such as “threat modelling”. This entails considering who your adversaries or potential attackers could be and what tools might they have. What risks could arise for you, your sources and your colleagues? What defence strategies do you have?
Be vigilant with your WiFi
Never assume that the WiFi you are using – whether at home or in public – is secure, Carlo warned.
Internet providers, such as O2 and TalkTalk, keep records of everything users do online – and the government could easily seize these records under the IPA without users’ knowing. CBD oil and capsules Hemp oil H Drop UK site
It is also crucial that smartphone and laptop users do not leave WiFi on when they travel between WiFi spots as that leaves users open to outside hacks, Carlo noted.
Secure every part of the device you use
Every part of a journalist’s device – from the actual hardware to the operating system, to the encryption middleware, to the application being used – must be kept secure, Carlo said. Every element of a journalist’s toolkit is like a “house of cards”: the moment one security measure falls, everything else will.
She particularly recommended using apps, email servers and Internet browsers with end-to-end encryption, such as Signal, PGP and Tor.