Journalists Don't Have the Right Tools to Keep Sources Anonymous in This Post-Snowden Age

In this new age of surveillance and tracking, can journalists really keep their sources anonymous anymore? A group of researchers from the University of Washington and Columbia University say, for the most part, no.

As part of a study the group probed the computer habits of 15 journalists from the United States and France, and found their security habits to be lacking, potentially compromising a source.

Senior author Franziska Roesner, an assistant professor of computer science and engineering, laid out one example in a press release:

“If you use your iPhone to translate speech to text, for example, it sends that information to Apple. So if you record a sensitive conversation, you have to trust that Apple isn’t colluding with an adversary or that Apple’s security is good enough that your information is never going to be compromised.”

This revelation could damage the trust of sources who wish to remain anonymous, unlike Edward Snowden, putting journalists in a predicament where offering the promise of total anonymity isn’t possible.

The researchers note that it’s not that the effort of keeping sources secure wasn’t there; it was that journalists proved to be human and slipped up. In another instance, one journalist made an effort to meet sources in person, and blew the security of the operation by photographing sensitive documents with their iPad.

Anonymity can only be attained if, at every step, security is maintained. That means no saving things to the cloud with Dropbox or Google Drive (SpiderOak is a great encrypted cloud solution); using search engines that won’t save your queries, like DuckDuckGo; and software that will keep you anonymous while browsing, like Tor. Security systems need to have redundancies.

The Electronic Frontier Foundation has built an invaluable resource that outlines tips and tools journalists (and everyone) should use to prevent unwanted surveillance from encrypting emails, texts, and calls to circumventing online censorship without paying for a VPN.

But many of these solutions rely on the sending and receiving party to have these security measures in place, which is why Roesner and her team don’t fault journalists entirely. Roesner admits, “It’s not just a matter of giving journalists information about the right tools to use — it’s that the tools are often not usable. They often fail because they’re not designed for journalists.”

Sources may vary in their technical know-how, which may cause roadblocks to an investigation when communicating. This point leads to the main goal of this study: building better security tools to serve journalists.

Roesner said:

“Tools fail when the technical community has built the wrong thing. We’ve been missing a deeper understanding of how journalists work and what kinds of security tools will and won’t work for them.”