Data Protection for Journalists: Basic Principles

Samvel Martirosyan

Media researcher

If you aren’t using special protective measures, then theoretically all your online activities can be monitored

Protection of personal data has become an important issue. And if ordinary citizens can still discuss what about them could interest someone to follow them, well in the case of journalists, the matter is meaningless. It’s clear that journalists are bearers of the kind of information that only the lazy wouldn’t want to possess. Modern technologies, on one hand, have made extracting information easier, but, on other hand, have made it protecting this information possible — if you so wish. 

A journalist can be subjected to attacks from several types of sources at once. The most tenable instance is when state agencies, taking advantage of their position and power, can engage in illegal wiretapping, which happens often in the world today.

In addition, private entities can work against journalists, using the services of hired hackers — in a black market that prospers in today’s online environment. For example, journalists investigating environmental issues might be targeted by large companies. 

A journalist’s practical information might be decrypted in mass attacks, when a large number of people’s data is published at once. In this way, a few years ago, Azerbaijani hackers seized the database containing emails and passwords of the visitors of an Armenian forum and made them public online. The database also contained journalists’ data. As a result, journalists’ email correspondence became available to third parties — despite the fact that journalists weren’t the direct target of the attack. 

So what can journalists do to avoid information leaks?

Protect General Traffic

If you aren’t using special protective measures, then theoretically all your online activities can be monitored. If you are carrying out a journalistic investigation, then the list of websites you visit can be monitored by a third party and consequently can suggest what you’re currently investigating. No such cases of monitoring have been recorded in Armenia, but it’s worth being protected.  

At the very least, when using a public WiFi connection you should use an encrypted tunnel, which will shield prying eyes from knowing what sites you visit and what you read. This can be done by installing a VPN (Virtual Private Network), which creates an encrypted tunnel connection, with your access to the internet often being carried out from the territory of another country. As a result, what you do online and from what country you really access the internet can’t be seen. 

VPN is usually a paid service; it costs about $3–10 USD a month. But in the case of using limited traffic, there are free options. You can access VPN directly from your browser, which is done with a single click. For example, well-known VPN services for Chrome are TunnelBear VPN, ZenMate, and Hotspot Shield

The services I mentioned operate in the form of desktop computer software. And, which is very important, as mobile apps for phones and tablets, you can use Psiphon, TunnelBear VPN, and Hotspot Shield. Thus, when using a public connection, definitely use VPN. It’s preferable to use it also at the office. If you think it’s strictly necessary, using it at home won’t hurt. 

Protect Email Correspondence

The most reliable means of protecting email correspondence today is PGP (Pretty Good Privacy). This is a system that has never been cracked — at least there is no record of it being cracked. On the other hand, using the system is quite complicated. So complicated, in fact, that many prefer others to read their mail than delve deeper into PGP. If you gather the courage and time, then it’s worth diving in and getting PGP encryption. Remember that PGP doesn’t work one-way; in order to use it, the person with whom you’re corresponding must also use PGP encryption.  

For Chrome and Firefox browsers, you can install the simplified version of PGP — Mailvelope. Understanding and using this will take as much time as PGP, but you will be convinced that no one will be able to read your emails. This program works for Gmail and Yahoo accounts. 


Protect Messages and Calls

We all understand that SMS messages are terribly dangerous, as they can become available to law enforcement agencies, as well as employees of telecommunications companies. Text messages should be used to send our significant other a grocery list of items to be picked up from the store. Nothing more. 

Facebook, Whatsapp, Viber, Skype — these ensure your safety to some extent. But here too you might be surprised. These services regularly cooperate with law enforcement agencies and in some cases your messages might land in their hands. The probability is small, but it’s not zero. In addition, even if you delete your messages, they are kept on these companies’ servers. And this means that they, for example, can appear online, publicly available to all, as a result of a hacker attack on that service. These frightful things happen. 

Remember as well that the security of Facebook, Whatsapp, Viber, or Skype hasn’t been verified by third-party experts. That is, you’re convinced that these services are safe purely because that’s how their marketing divisions consider it and because there haven’t been any announcements of explicit threats. But it’s known that hackers or governments can be informed of vulnerabilities and take advantage of them, but keep it secret. 

For this reason, for transmitting sensitive information, journalists should use programs verified by third-party experts, which actually use modern encryption methods and allow you to destroy messages, not leaving copies on other devices. 

In order to communicate more securely, the following programs can be used: Signal, Chatsecure, Telegram (the “secret chat” function).

What I wrote about messages also refers to phone calls. Here too there are a few apps that will allow you to make phone calls that can’t be wiretapped. The two following programs can be used for making calls: Signal and Silent Phone

No doubt that many are going to consider that their data is not important and to specially protect it is a useless headache. But as Edward Snowden, who spent years extracting information, said: “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

Samvel Martirosyan

The views expressed in the column are those of the author's and do not necessarily reflect the views of Media.am.

Add new comment

Comments by Media.am readers become public after moderation. We urge our readers not to leave anonymous comments. It’s always nice to know with whom one is speaking.

We do not publish comments that contain profanities, non-normative lexicon, personal attacks or threats. We do not publish comments that spread hate.

Leave a Reply

Your email address will not be published. Required fields are marked *