With journalist Silkie Carlo I have co-authored a 'handbook' on practical information security for journalists commissioned by the UK Centre for Investigative Journalism. The CIJ handbook 'Information Security for Journalists' was launched at the CIJ Summer School 2014 in London. The book will be forever freely available in a range of electronic formats - see download links below. In the four months after the initial publication in we have rewritten certain parts based on feedback from the initial readers and updated other parts to stay current with the latest software changes. Many thanks to all who gave us valuable feedback.
Altough this book was originally written for investigative journalists most of the described concepts and technical solutions are just as usable by lawyers or advisors protecting communications with their clients, doctors protecting medical privacy and of course politicians, activists or anyone else who engages powerful state and corporate organisations. Really, we're all journalists now. Inside the book is a mailadres for getting in touch, please let us know how your are using it and what we can do better.
If you have reasons to suspect your online movements are already under some form of surveilance you should not download this book using a computer or netwpork associated with your identity (such as your home or work systems).
Several participants of journalist training programs have written articles: Information security for journalists: staying secure online by Alastair Reid (from journalism.co.uk) - A day with the surveillance expert by Jason Murdock, Offtherecord.in - Valentina Novak wrote this interview after a lecture & workshop in Slovenia last November.
From the 'backflap' of the book:
With journalist Silkie Carlo I have co-authored a 'handbook' on practical information security for journalists commissioned by the UK Centre for Investigative Journalism. The CIJ handbook 'Information Security for Journalists' was launched at the CIJ Summer School 2014 last weekend in London. The book will be freely available in electronic format and in print after the summer. Just like last year I gave lectures (slides) and ran a hands-on workshop to get journalists 'tooled-up' so they can better protect their sources, themselves and their stories in a post-Snowden world.
From the 'backflap' of the book:
This handbook is a very important practical tool for journalists. And it is of particular importance to investigative reporters. For the first time journalists are now aware that virtually every electronic communication we make or receive is being recorded, stored and subject to analysis and action. As this surveillance is being conducted in secret, without scrutiny, transparency or any realistic form of accountability, our sources, our stories and our professional work itself is under threat.
After Snowden’s disclosures we know that there are real safeguards and real counter measures available. The CIJ’s latest handbook, Information Security for Journalists, lays out the most effective means of keeping your work private and safe from spying. It explains how to write safely, how to think about security and how to safely receive, store and send information that a government or powerful corporation may be keen for you not to know, to have or to share. To ensure your privacy and the safety of your sources, Information Security for Journalists will help you to make your communications indecipherable, untraceable and anonymous.
Although this handbook is largely about how to use your computer, you don’t need to have a computer science degree to use it. Its authors, and the experts advising the project are ensuring its practical accuracy and usability, and work with the latest technology.
Director of the Centre for Investigative Journalism
This handbook is being translated into Arabic, Chinese, French, German, Portugese, Spanish, and other languages
Onderstaande column is het vervolg op een artikel dat ik schreef in de eerste week van het Snowden/NSA schandaal in juni 2013. Waar dat artikel de concrete problemen beschreef beschrijf ik hieronder de andere keuzen de gemaakt hadden kunnen worden en nog steeds gemaakt worden en de voordelen voor Nederland en Europa ten opzicht van het huidige 'beleid'.
De afgelopen 10-15 jaar heeft de IT in Nederland zich niet ontwikkeld in lijn met publieke belangen en het garanderen van grondrechten van de burgers van Nederland. Ook zijn er enorme kansen op het gebied van economische ontwikkeling en werkgelegenheid gemist. Nederland besteedt veel IT uit aan buitenlandse partijen wat niet alleen tientallen miljarden Euro's (1-2% BNP) aan lokale economische groei/werkgelegenheid kost maar de samenleving ook de-facto uitlevert aan buitenlandse spionage op bestuurlijke instanties, bedrijfsleven en alle individuele burgers. Hoewel voor deze risico's al ruim 15 jaar werd gewaarschuwd is dit laatste aspect het afgelopen jaar door de onthullingen van Edward Snowden onweerlegbaar en zijn volle omvang aangetoond. 12 maanden later is er in Nederland geen spoor van een reactie op deze problematiek.
Het had ook anders gekund...
In de eerste 21 maanden van de 21ste eeuw barstte de dotcom bubbel en storten er drie wolkenkrabbers in elkaar in New York. Tussen deze twee gebeurtenissen in verscheen in de zomer van 2001 een grotendeels vergeten rapport aan het Europese Parlement dat de schaal en impact van elektronische spionage beschreef op Europa door de VS en haar 'Echelon' partners (Canada, het VK, Australië en Nieuw Zeeland). Naast een gedetailleerde probleem-analyse gaf het rapport ook concrete voorbeelden van beleidsmaatregelen op IT gebied die overheden konden nemen om buitenlandse inlichtingendiensten het bespioneren van Europa een stuk moeilijker te maken.
In dezelfde periode had de Amerikaanse overheid had een van de grootste anti-trust zaken in haar geschiedenis, tegen Microsoft, gewonnen en de EU was naar aanleiding van deze overwinning een vergelijkbare zaak gestart die ook tot een veroordeling en de hoogste boete in de geschiedenis van de EU zou leiden.
Het was tegen deze achtergrond dat het nadenken over de strategische versus operationele aspecten van IT in de publieke sector veranderde. Het rapport over Echelon maakte duidelijk dat het reduceren van IT tot een instrumentele zaak rampzalige consequenties had op de soevereiniteit van Europese staten te opzichte van, met name, de VS (en wellicht in de toekomst China, andere technisch capabele landen of niet-statelijke organisaties). Ook de economische gevolgen van industriële spionage tegen bedrijven werd een punt van zorg voor de overheid.
At 12:30 on Friday 13th of June 2014 I will give the Kerckhoff Lecture at the Radboud Universities Kerckhoffs Institute for information security in Nijmegen in room HG00.068. For an audience of students and faculty who probably know more about the maths of cryptography than myself I will talk about the tech-policy implications of the Snowden revelations and why Europe has been doing so very, very little.
Imagine a whistleblower releasing detailed documentary proof of a group of organisations that dump large volumes of toxic mixed chemical waste in European rivers and lakes. The documents describe in detail how often (daily) and how toxic (very). Now imagine journalists, civic organisations and elected representatives all starting furious discussions about how bad this is and what the possible horrible consequences theoretically could be for european citizens.
Now imagine that this debate goes on and on for months as slowly more documentation is published showing ever more detailed descriptions of the various compounds in the toxic chemicals and what rivers and lakes precisely they are being dumped into.
Now imagine that no journalist, civic organisation or elected representative comes up with a single concrete and actionable proposal to stop the actual and ongoing toxic dumping or to prevent future organisations getting into the habit of illegal dumping.
Imagine also that both governments and public-sector organisations, including the ones responsable for health- and environmental matters continue not only to procure products and services from above organisations but also continue to give them the licences they need to operate.
Imagine that this goes on for month after month after month for a full year.
Now Imagine it turns out that the Government not only already knew about this 13 years before but also had a detailed report on practical solutions to clean up the mess and prevent future poisoning.
Sounds incredible does it not?
Except this is precisely how Europe has been not-dealing with the revelations by Edward Snowden on industrialised mass-surveillance of our government & civic institutions, companies and citizens.
The EU has spent most of a year holding meetings and hearings to 'understand' the problem but has not produced a single word on what concrete actions could regain the right to privacy for its citizens now. This while a July 2001 report on Echelon, the NSA/GCHQ precursor program to the current alphabet soup, explained the scope of the problem of electronic dragnet surveillance and made practical and detailed recomendations that would have protected Europeans and their institutions had they been implemented. Currently only Germany has seen the beginnings of policies that will offer some protection for its citizens.
On Friday the 13th of June I will discuss the full scope of the NSA surveillance problem, the available technological and policy solutions and some suggestions about why they have not and are not being implemented (or even discussed).
I will be speaking and workshopping at the 2014 Dataharvest+ conference in Brussels. This conference brings together investigative journalists, (big)data wranglers, coders & hackers to kick journalism into the 21st century.
My contribution will be a series of presentations about applied information security for investigative journalists and hands-on workshops to get security tools working on laptops. So bring yours! Slides I used are here: PPT, PDF. Some tips and links to tools. A video from a comparable worshop last year, since then the situation has turned out to be much more dire.
On December 25th 2013 Edward Snowden delivered an alternative Christmas message on the UK's channel 4 TV station. Before the broadcast a short version of the speech was leaked and immediatly uploaded to youtube. That upload was immediatly blocked but many re-uploads made the clip available everywhere. This is one of those places. If you want to thank Edward Snowden for giving up his relationship, familiy, job and any chance of a normal life to inform us all go here and donate. Or spread his message. And do something with it. Because if something is done all of Edward's sacrifices have meaning.
Update May 28th 2014: The Guardian just published a written summary of the talks below. For those with less time or a preference for text as opposed to video.
Over the last month Prof. Eben Moglen held a series of lectures on the implications of the documents released by whistleblower Edward Snowden. More than any other article or interview these talks give a clear analysis of the meaning of this information and what it is we all need to do as citizens if we want a future where freedom and civil liberties still has some meaning. Original video's, audio recordings and transcriptions of the talks can be found at http://snowdenandthefuture.info/.