If you’re a journalist in the U.S., all this means that it’s time to protect yourself.
The government can ask technology companies to turn over information—like the contents of an email or instant message, for example—if they’ve got the appropriate warrant or court order. The best way to keep overreaching law enforcement from doing this is to use a messaging platform that, by design, can’t read the data it shuttles from user to user.
Here’s how: Tech-savvy reporters, including many who focus on digital privacy and surveillance, routinely use tools that encrypt their online communications end-to-end—that is, in such a way that not even the company delivering messages can read their contents. Signal, a smartphone app, is the medium of choice for privacy-conscious communicators, and is probably the easiest way to call or text securely. Encrypting email using PGP is also an option, but it’s far more cumbersome.
It’s also important to make up complex passwords—and never to reuse a username and password combination for more than one site. Password managers like 1Password, LastPass, and Dashlane can create a different randomized password for every website, and remember them all so that you don’t have to. Turning on two-factor authentication on every service that supports it—Google, Slack, Dropbox, Amazon, etc.—makes it much harder for hackers to get into your accounts, by requiring you to approve every login with a mobile device. And for those who need to browse the internet securely, a properly configured Tor browser allows users to poke around the web anonymously.
Already, journalists and human-rights activists around the world operate under hostile governments that use surveillance to detect and disrupt their work. To understand what U.S.-based journalists might learn from them, I reached out to Ali Bangi, the co-director of ASL19, a non-profit organization that helps Arabic- and Persian-speaking internet users protect their privacy and anonymity online, and bypass internet censorship.
Bangi made two predictions based on his experience with the media landscape in Iran. First, he said, journalists will need to work harder to keep their anonymous sources safe. Electronic surveillance can make it easy for the government to determine the identity a whistleblower, if a reporter isn’t careful. A vindictive administration could deploy surveillance tools more freely in order to figure out who’s leaking information.
It’s also possible that more types of information will be considered sensitive and dangerous. That’s why people other than national-security reporters should think about communicating more securely: Even run-of-the-mill political reporting could make journalists a target.
“Activists and journalists working on hostile situations understand very well that, unless you take the necessary precautions, your online activities can have consequences for your physical safety,” said Daniel Bedoya Arroyo, the incident-response manager at Access Now, a digital-rights advocacy group. “For example, a mobile device can reveal with a decent level of accuracy your physical location, even if geolocalization services are disabled. And unfortunately, this increased risk and fear can cause self-censorship in many situations.”