Computational Journalism
Columbia Journalism School
Week 12: Privacy and Security
December 11, 2015
Sources exposed
Vice reveals John McAfee's location
AP phone records subpoena
Filmmaker's laptop seized in Syria
Commitments to sources
Physical safety
Legal concerns
Our ability to operate
Our reputation
LinkedIn
from June 2012 breach
Gawker
from Dec 2010 breach
Two-Factor Authentication
Something you know, plus something you have
Phishing
By far the most common attack. Send a message to the user, tricking
them into entering their password.
Typically directs users to a fake login page.
Protection: beware links that take you to a login page! Always
read the URL after clicking a link from a message.
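Added example (not from the original slides): "reading the URL" means finding the real host and checking that it belongs to the site you expect. The function name, the expected domain and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

def login_url_problems(url, expected_domain):
    """Return reasons not to trust url as a login page for expected_domain.
    An empty list means the real host belongs to the expected site."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()

    if parts.scheme != "https":
        problems.append("not HTTPS")
    if parts.username is not None:
        # Anything before '@' is a username, not the site being visited.
        problems.append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("punycode label (possible look-alike characters)")
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        problems.append("non-ASCII characters in host")
    # The host must be the expected domain itself or end with ".<expected>".
    # A familiar name at the START of the host proves nothing.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host is {host!r}, not part of {expected}")
    return problems

# Constructed sample URLs using reserved example/test domains.
SAMPLES = [
    "https://accounts.example.com/login",
    "http://accounts.example.com/login",
    "https://example.com.login.test/signin",
    "https://accounts.example.com@login.test/signin",
    "https://xn--exmple-cua.com/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        found = login_url_problems(sample, "example.com")
        print(sample, "->", "; ".join(found) or "host matches")
```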
AP Phishing Email
Spear Phishing
Selected targets, personalized messages.
Threat modeling
What do I want to keep private?
(Messages, locations, identities, networks...)
File metadata
Legal Security
In the U.S., the Privacy Protection Act prevents police from
seizing journalists' data without a warrant... if you're the one
storing it.
Third party doctrine: if it's in the cloud, no protection!
SSL
Aka, HTTPS.
Depends on a system of root certificate authorities (CAs) that
generate certificates (cryptographically sign keys) for sites that
use HTTPS.
Browsers have CA keys built in, so they can verify that a site has
a valid signed key.
Works great, except that certificate authorities can be hacked,
and we must expect that most states can easily sign a certificate
through a proxy.
Mobile Security
Your phone
Is a location tracking device
Contains all your contacts
Is used for every form of communication
Stores a lot of information
iMessage
End-to-end encrypted.
Encrypted on the device.
Apple claims they do not have a
backdoor.
Ongoing court case vs. FBI
Torproject.org
Silent Circle
Commercial service
Secure mobile calls, video, texts
Can hand prepaid cards to sources
The Plan
[Series of diagrams; labels: M, E, URL, password, Assange, Leigh, WL Archive, ???, !!!]
Resources
Threat modeling for journalists
https://source.opennews.org/en-US/learning/security-journalists-part-two-threat-modeling/