About to sit down to listen and tweet about this panel on cybersecurity for journalists at @IUMediaSchool. pic.twitter.com/WGdD5CRJPO

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Panelists: @eff's @ncardozo, @indystar's @IndyMarisaK, @iucacr's systems analyst @hedgemage and my @IUMediaSchool colleague @anthonyfargo1.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

First up: @AnthonyFargo1, professor and director of Center for Int'l Media Law and Policy Studies at @iumediaschool, talking law and policy.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Fargo discusses the questions journalists' protection of their phone records and data and the Risen/Sterling case: https://t.co/kuWI76fXHq pic.twitter.com/YBvQyn31x3

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Fargo: "If you're a journalist, what can you do? If you want to protect information you can use drop boxes … You can use burner phones."

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Fargo also suggested encrypted email or Tor, The Onion Router. Also, there's always going old school, like meeting in parking decks. pic.twitter.com/NlwNEpEznn

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Next up is @HedgeMage who is a systems analyst at the IU Center for Applied Cybersecurity Research, or @iucacr.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Susan Sons, @hedgemage, says smart phone users should use a product like @whispersystems' Open Whisper Systems.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@hedgemage has a list of "17 Doable To-Dos" that @iucacr has created. She says everyone should do this. https://t.co/n7TkVDouCn

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

For journalists, spy movies won't help, says @hedgemage. Use a drop box, from some place remote, like a rural library's public terminals. pic.twitter.com/GmTendbb9k

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

"There is a point where it has gotten dangerous and technical enough," says @hedgemage, "you need a hacker." Talking cartels, corrupt govt.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@hedgemage says email is like a postcard. Anyone touching it can read it. Encrypted email, like an envelope, viewers can't see contents.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Operational security matters in high risk scenarios, @hedgemage says. Sometimes it can be old-fashioned social engineering. Great anecdote.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Sons has talked about an everyone group, the journalists' group and now a group she's labeled journalists' cohorts.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Library data, @hedgemage tells us, is going out to corporations and probably including some agency's shell corp. Stick with paper, she says.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

That was an eye-opening glance from a birds' eye view of security from someone in the digital security, hacking universe.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Next up is @ncardozo. He does First Amendment and cyber security law as a senior staff attorney at @EFF. pic.twitter.com/0hIV4NrSsw

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

He's talking about threat modeling, understanding what you're up against, given the story. @EFF has resources here: https://t.co/y7OjmDilyd

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo "Even if you use everything you possibly could, technically…if your adversary is (big) and knows who you are, they'll get you."

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo says encryption tools can protect you from most sophisticated adversaries, but secure drop was designed to keep out lawyers.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo: "The best way of protecting your source (and data) is not having the data in the first place. That's what @SecureDrop gets you."

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo says journalistic privilege won't get you very far against determined lawyers. That's what products like Secure Drop are for.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo says smoke screen tech is good — iMessage, WhatsApp, etc — are good, if all parties are securely configured.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo says burner phones are good, but you can't slip up. Don't cross-pollenate the phone, it is a single-use tool. (Don't call mom.)

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo says email isn't that secure, but Gmail is better than running your own server. (Back to what @HedgeMage said: Call a white hat.)

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo The considerations and measures for border crossing is as varied as people in the room. (About 60 people at last count.)

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo is talking about @EFF's "Who has your back service." Great stuff here about ISPs: https://t.co/eRClOiWS1b

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@ncardozo says Microsoft is suing gov't to tell users more of what they having to provide. Twitter is suing NSA. @EFF filed amicus in both.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Next is @indystar investigative reporter @IndyMarisaK, who is talking about practical tips on cybersecurity on local/domestic levels.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@IndyMarisaK says Signal is really easy to use. If you can text, you can use it. Also, she sometimes doesn't write names atop story notes. pic.twitter.com/RrW6ou9TMs

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@IndyMarisaK is talking about @indystar's gymnastics abuse story. (You need to read it, they're doing great work.) https://t.co/c8uyeTUqjd

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@IndyMarisaK says ask sensitive sources how many people have secret info. If the number is two, people only have to look so far …

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@IndyMarisaK says if you're trying to protect a source, don't connect with them on social media (at least right away). It's a tell.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

Q&A at the @IUMediaSchool's cybersecurity for journalists panel. @ncardozo starts, comparing/evaluating security-encrypted resources. pic.twitter.com/kyDL4hzx8v

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017

.@HedgeMage is talking about the security default configurations of WhatsApp and Signal. And it is important that both parties use config.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

We're talking about the @nytimes now famous "bring it on" letter. Most agree we'd enjoy that as a spectator sport: https://t.co/BYZiKbgEM4

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@ncardozo gets a question about what country's laws better protect ISPs. (So who to use.) Says US 6th circuit is good. US 9th is good.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@ncardozo says data is vulnerable in any country that can be coerced by the U.S. … Soooooooo ….

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@IndyMarisaK hasn't had a lawyer ask who a confidential source is, says that's a credit to Gannett's legal team, but sees it case-by-case.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

Question about media impressions and reactions from recent DC rhetoric. @ncardozo talks about the policy that needs AG Sessions' signature.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

Following up @AnthonyFargo1 talks about Obama administration pursuit of leakers. Says we're waiting to see if the current "bombast" is real.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@AnthonyFargo1 says we might not yet know where exactly all the threats are going to come from. That'd dictate what journalists need to do.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@IndyMarisaK says there is a "temperature" to attack main stream media. She points to the difficulty people have of separating journalists.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

Different kinds of journalists are doing different kinds of things, @IndyMarisaK says. You particularly see it on social media. (Shocked?)

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@HedgeMage says there are ironies in the relationships between journalists and hackers, "Because we've never gotten good press."

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

Whatever happens on the legal landscape, @HedgeMage says, there are still ways to thumb your nose at authority.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@ncardozo says even as the president has announced a "war on the media" there are always issues of reality. Constitutional powers, etc.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@AnthonyFargo1 sees no anti-First Amendment groundswell, but says there is an uptick of non-pols who dislike the media. Not easy to combat.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@HedgeMage says punditry has become ubiquitous and that's serving as a stand-in for "The Media."

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

The real winner of this (excellent) panel session, I'd say, is @SecureDrop.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

Now on risks to old school journalism techniques of meeting in public. Phone GPS tracking, facial recognition, ALPRs. @ncardozo takes it on.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

.@ncardozo Don't drive. Don't take your phone. Take the bus. If you have any technology, you're likely being tracked. (ed: Have a nice day.)

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

And that was the big finish. Great panel by @IUMediaSchool, @iucacr and @IUMaurerLaw.

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017

Slides from tonight's cybersecurity for journalists panel (by @IUMediaSchool, @iucacr and @IUMaurerLaw): https://t.co/e3ecn31i4M

— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017