All Journalists Should Use This Annoying Technology to Prevent Spying
Journalists are generally human disasters: stimulant-addled, barely-functional hoarders unable to focus on anything other than scrabbling after the next story with an addict's claw-handed fury. I type this encased in the stale, coffee-stained shirt that proves it. Journalists, in other words, are the people least likely to spend time setting up arcane email encryption technology that could very well prove of no use to them. And yet they are among the people who could benefit the most.
The New York Times has a good profile of filmmaker Laura Poitras, who was the first person to connect with NSA whistleblower Ed Snowden. It drives home the point that a major reason Poitras scored the scoop was her familiarity with the complicated business of email encryption. When Snowden approached her, she was able to communicate with him securely using PGP, which scrambles your email until it is downloaded and decrypted with a personal key, so that even if someone spies on the content of your Gmail account or whatever they won't be able to read your email.
Snowden stressed to the Times in an (encrypted) interview the importance of encryption for journalists: "It should be clear that unencrypted journalist-source communication is unforgivably reckless."
In a detail that will become journalism school legend forever, probably, Guardian columnist Glenn Greenwald says he almost missed out on NSA stories because he didn't have the time to set up PGP. Snowden anonymously sent Greenwald a bunch of emails, and even a step-by-step guide to setting it up, but Greenwald put it off.
“It’s really annoying and complicated, the encryption software,” he told the Times. “He kept harassing me, but at some point he just got frustrated, so he went to Laura.”
So now journalists can expect editors, sources and privacy advocates to hound them to set up PGP, less they miss the next Edward Snowden. The Freedom of the Press Foundation, of which Poitras is a member, has an exhaustive review of PGP, among other privacy-protecting encryption technologies for journalists, and is a good place to start. Encryption is not only important to counter government surveillance: If, for example, you're one of the poor victims of a malicious hacker like the D.C.-terrorizing Guccifer, encrypting sensitive emails will limit the damage of a leak.
The problem is, as Greenwald says, encryption annoying and complicated to use. One Saturday afternoon a few months ago, I sat down with a beer and set up PGP encryption for my Macbook, using the popular, free and open source GPGTools. The straight-forward directions make it appear almost as simple as installing the new edition of Microsoft Office, but I kept hitting small snafus and getting tripped up by vague instructions. Four hours and about as many beers later, I had GPGTools working fitfully, on a single laptop. But then I decrypted that first test email and I had the intoxicating sense of being a character in a spy novel. A drunk spy. Maybe I was actually just drunk.
All this hassle was probably in part due to my incompetence, and increasing intoxication. But these tools are the opposite of user friendly at a time when people expect computers to work as simply as clicking "download" on an app. A number of new encryption projects make usability a priority, but often this comes at a sacrifice in security. The much-publicized plug-and-play encrypted chat application Cryptocat was recently found to have a gaping vulnerability. And the easy-to-use Tor Browser was likewise broken in what appeared to be an attack by the Feds. Hopefully encryption can become easier, quickly, because a growing number of sources like Edward Snowden and Bradley Manning—young, paranoid, technically-savvy people, with first-hand knowledge of the government's surveillance powers, see encryption as a badge that says Means Business.
(Incidentally here is my PGP key, if you want to send me secrets. And here is Gawker's guide to how to leak to us without (hopefully) getting caught.)
[Image by Jim Cooke.]