When Mathematics Professor Robert Patterson sent a cryptic message to Thomas Jefferson in December 1801, he set the tone for data raiders: that it should be “absolutely inscrutable” without a specific key.
But such opacity spurs unease among law enforcement agencies and national security officials today. F.B.I. Director James Comey– who spent an hour decrying new softwares with default encryption at a conference mid October– said the challenge of real-time interception may lead all to a “very, very dark place.”
Comey’s call for a legislative and technical fix, which he referred as the “front door,” does not only wage wars against corporations, but also against the media.
Journalists are heavily targeted among state-sponsored hacking targets, according to a research by two Google security engineers in March.
The prominent list of victims from past phishing attacks– a technique to obtaining sensitive information through targeted content and legitimate-looking email addresses– exert much pressure on the media’s independence and integrity.
“It’s really a wake up call for news organizations…that those events aren’t isolated but reasonably continuous,” said Morgan Marquis-Boire, the director of security for First Look Media.
Cleaning Trails
While Comey emphasized there is a sensible trade-off between privacy and public safety, technologists and journalists said government over reach compromises the free exchange of information.
A properly implemented crypto software scrambles a message with a randomly generated key through mathematical operations, and recovers the original message through more operations with another key.
But the creation of front door or back door means the exposure of technical vulnerabilities to any actor, be it malicious or not.
“There’s no magical backdoor where only the FBI and NSA have access to,” said Cameron Banga, a mobile app developer, adding that the stakes are too high for companies like Apple to possess a database of universal keys. An internal or external data breach could blow a stellar reputation, as reflected in the upheavals at Target and Sony Corp.
Proponents of the National Security Agency stood by their claims that the threat of privacy is low based on their “metadata” collection. Courts have ruled that such seizure can include phone calls, emails, internet profiles, banking and medical records, according to declassified Foreign Intelligence Surveillance Court (FISA) documents.
These information can paint a very intimate portrait of a journalist’s connections and interests. Further weakening of the encryption system is problematic when it comes to safeguarding sources.
“The government shouldn’t be going after journalists to do the job for them,” said Geoffery King, a San Francisco-based internet advocacy coordinator for The Committee to Protect Journalists. “Both journalists and the news-reading public would suffer if sources fear their confidentiality will be compromised.”
Encryption Works
In the face of pervasive surveillance and data storage capabilities, journalists have to reconsider their newsgathering techniques and tread carefully with the technical solutions available.
“Encryption is like asking for sex on the first date,” said Julia Angwin, a senior reporter at ProPublica. “It can be dangerous, but it’ll bring sources to you.”
PGP, which stands for pretty good privacy, is widely used among the list of free and open-source encryption softwares. It generates a public key to encrypt a message, which users can post the former on their bios as an alternative contact. PGP also protects users from targeted threats.
The issue is to develop mutual understanding from source to source about the benefits behind encrypted conversations, in which Angwin had the most difficulty to do so.
Christopher Soghoian, a technologist and policy analyst at ACLU, found the tool most useful in arranging cloak and dagger meetings.
“You don’t want to be talking about important things through encryption tools,” said Soghoian, whose PGP key link on Twitter had attracted a number of government sources.
Siobhan Gorman, an intelligence correspondent for The Wall Street Journal, said encryption tools alleviate her from “physical frantic issues” in low-tech ways of communication, such as the tracking of fingerprints and metadata in postal systems.
The consensus view is that, despite encryption tools are difficult to pick up, reporters need to learn basic security and anonymity tools on the internet in order to do their job well.
Weak Legal Support
One problem that remains thorny for journalists, however, is inviting unwanted attention from federal agencies.
“Even though the government cannot read encrypted messages, the fact that encryption has been used is a red flag,” said James Risen, an investigative reporter for The New York Times. “It’s a real Catch 22.”
The Fifth Amendment may protect one from providing testimony or disclosing confidential sources that would be self-incriminating.
In some cases, there is a question of whether surrendering one’s password or key would equate to giving up the content of one’s mind, which is testimonial in light of the Fifth Amendment privilege.
In a Florida case in 2011, a man identified as John Doe took the Fifth Amendment to avoid unlocking his devices seized in a child pornography investigation. The court had ruled that forcing Doe to give up his decryption keys would amount to a self-incriminating testimony.
Moreover, there is an emerging body of law that is not favorable when it comes to compelled decryption, said Nabiha Syed, an associate at Levine Sullivan Koch & Schulz, a firm that focuses on media law.
“There isn’t a slamdunk argument when it comes to quashing a subpoena for encrypted content,” Syed said. “One of the lessons is that prosecutors aren’t afraid to ask whatever they need to decrypt your information.”
In a Massachusetts case late June, the top court has ruled that compelled decryption is not protected by the Fifth Amendment when “the defendant is only telling the government what it already knows,” Justice Francis X. Spina wrote in the majority decision.
According to court documents, state troopers have already learned about the defendant’s involvement in an alleged scheme, and that the communication was stored in encrypted computers that only the defendant can decrypt.
That means under the foregone conclusion doctrine, the government can request an individual to decrypt files with “brute force”since the existence and location of the content are already known.
Organizational Push
Even as the legal protection afforded to encryption users are lagging behind the technical level, journalists are generally supporting the use of layered defense.
“If more people start using encryption on everyday means, then there won’t be an anomaly,” said Micah Lee, a technologist at The Intercept. “Being afraid to use security tools because of the government is a dangerous mindset.”
Beyond encrypting individual email, implementing digital security on an institutional level is particularly crucial in the “post- Snowden world.”
“We need to stop being cheap,” said Jack Gillum, a reporter for The Associated Press, referring to paid encryption tools that are easier to use and the need to protect reporters stationed in countries that do not enjoy First Amendment rights.
The Associated Press sent a scathing letter to the federal government when the FBI posed as an AP journalist in 2007 to draw out the suspect of a bomb threat investigation. The FBI refused to promise that such tactic would not be used again in the future, according to recent news story.
“It’s clear that we need to have the mindset of security that’s beyond the tools,” Gillum said.
Several newsrooms, including that of ProPublica, The Guardian and The New Yorker, are using SecureDrop to receiving confidential documents from anonymous sources. The system protects users from being tracked online.
Ultimately, the adoption of encryption requires a lot of time to boil down. Even though the process of digital security is changing marginally, fostering such conversations and reaching consensual awareness are more important than ever.
“What we’re seeing is how the balance of power is shifted between the press and public to governments that are increasingly opaque in their monitoring activities,” former NSA contractor Edward Snowden said via a webcast at a digital security conference. “If we allow this to continue without much visibility, we cannot make informed decisions.”
rachbutt 