How journalists can keep their work and sources digitally secure

1. Use threat modelling to understand your assets and risks

The concept of threat modelling is a useful one. It’s about understanding what assets you have that need protecting, and what risk there is of them coming under attack.

The Committee to Protect Journalist’s Journalist Security Guide is a highly useful resource. It recommends you start by understanding your assets and move on from there. The guide steps through the following :

2. Simple steps to protect data on your computer and phone

Danny O’Brien, one-time Internet Advocacy Co-ordinator for the Committee to Protect Journalists and International Director of the Electronic Frontier Foundation, talks in this video about some simple things journalists can do to protect their sources and work, particularly when out in the field. They include encrypting your hard drive, using burner phones, and not taking any phone at all to particularly sensitive meetings.

3. Good passwords and working anonymously

Security in a box has a host of tips on how to select passwords, work anonymously, protect information on your devices and when using social accounts, and recovering from information loss. They also spell out how to operate in different operating environments (Linux, Windows, Mac, Android etc).

There’s also this video from SophosLab on picking a password.

4. Using public-key encryption

Keith Ng outlines how to use public-key encryption.

This technique is based on a pair of matching keys – one public, one private. Anything encrypted with one can only be decrypted with the other. Why? MATHS, that’s why. The public key is then made public (my key is here), and anyone can use that key to encrypt a messsage. Only you – with the private key that you keep secret – can decrypt that message. It’s actually not that hard. The simplest tool for dealing with PGP keys is gpg4usb. Go download it and have a play.

And Vivian Chandra has published this video quick guide to using PGP email encryption.