Among the other parts of my day, editing a big document, watching students produce a sports show, handling the various comings and goings of emailing and scheduling and so on, I had the opportunity to hang out at an important panel this evening. And I took notes.
Also, even if you aren’t interested in cybersecurity as a journalist or in your own professional role, this slideshow that gets mentioned people is accessible and worth your while. Check that out. Anyway, on to the tweets …
About to sit down to listen and tweet about this panel on cybersecurity for journalists at @IUMediaSchool. pic.twitter.com/WGdD5CRJPO
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Panelists: @eff's @ncardozo, @indystar's @IndyMarisaK, @iucacr's systems analyst @hedgemage and my @IUMediaSchool colleague @anthonyfargo1.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
First up: @AnthonyFargo1, professor and director of Center for Int'l Media Law and Policy Studies at @iumediaschool, talking law and policy.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Fargo discusses the questions journalists' protection of their phone records and data and the Risen/Sterling case: https://t.co/kuWI76fXHq pic.twitter.com/YBvQyn31x3
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Fargo: "If you're a journalist, what can you do? If you want to protect information you can use drop boxes … You can use burner phones."
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Fargo also suggested encrypted email or Tor, The Onion Router. Also, there's always going old school, like meeting in parking decks. pic.twitter.com/NlwNEpEznn
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Next up is @HedgeMage who is a systems analyst at the IU Center for Applied Cybersecurity Research, or @iucacr.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Susan Sons, @hedgemage, says smart phone users should use a product like @whispersystems' Open Whisper Systems.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@hedgemage has a list of "17 Doable To-Dos" that @iucacr has created. She says everyone should do this. https://t.co/n7TkVDouCn
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
For journalists, spy movies won't help, says @hedgemage. Use a drop box, from some place remote, like a rural library's public terminals. pic.twitter.com/GmTendbb9k
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
"There is a point where it has gotten dangerous and technical enough," says @hedgemage, "you need a hacker." Talking cartels, corrupt govt.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@hedgemage says email is like a postcard. Anyone touching it can read it. Encrypted email, like an envelope, viewers can't see contents.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Operational security matters in high risk scenarios, @hedgemage says. Sometimes it can be old-fashioned social engineering. Great anecdote.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Sons has talked about an everyone group, the journalists' group and now a group she's labeled journalists' cohorts.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Library data, @hedgemage tells us, is going out to corporations and probably including some agency's shell corp. Stick with paper, she says.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
That was an eye-opening glance from a birds' eye view of security from someone in the digital security, hacking universe.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Next up is @ncardozo. He does First Amendment and cyber security law as a senior staff attorney at @EFF. pic.twitter.com/0hIV4NrSsw
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
He's talking about threat modeling, understanding what you're up against, given the story. @EFF has resources here: https://t.co/y7OjmDilyd
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo "Even if you use everything you possibly could, technically…if your adversary is (big) and knows who you are, they'll get you."
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo says encryption tools can protect you from most sophisticated adversaries, but secure drop was designed to keep out lawyers.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo: "The best way of protecting your source (and data) is not having the data in the first place. That's what @SecureDrop gets you."
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo says journalistic privilege won't get you very far against determined lawyers. That's what products like Secure Drop are for.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo says smoke screen tech is good — iMessage, WhatsApp, etc — are good, if all parties are securely configured.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo says burner phones are good, but you can't slip up. Don't cross-pollenate the phone, it is a single-use tool. (Don't call mom.)
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo says email isn't that secure, but Gmail is better than running your own server. (Back to what @HedgeMage said: Call a white hat.)
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo The considerations and measures for border crossing is as varied as people in the room. (About 60 people at last count.)
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo is talking about @EFF's "Who has your back service." Great stuff here about ISPs: https://t.co/eRClOiWS1b
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@ncardozo says Microsoft is suing gov't to tell users more of what they having to provide. Twitter is suing NSA. @EFF filed amicus in both.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Next is @indystar investigative reporter @IndyMarisaK, who is talking about practical tips on cybersecurity on local/domestic levels.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@IndyMarisaK says Signal is really easy to use. If you can text, you can use it. Also, she sometimes doesn't write names atop story notes. pic.twitter.com/RrW6ou9TMs
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@IndyMarisaK is talking about @indystar's gymnastics abuse story. (You need to read it, they're doing great work.) https://t.co/c8uyeTUqjd
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@IndyMarisaK says ask sensitive sources how many people have secret info. If the number is two, people only have to look so far …
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@IndyMarisaK says if you're trying to protect a source, don't connect with them on social media (at least right away). It's a tell.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
Q&A at the @IUMediaSchool's cybersecurity for journalists panel. @ncardozo starts, comparing/evaluating security-encrypted resources. pic.twitter.com/kyDL4hzx8v
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 23, 2017
.@HedgeMage is talking about the security default configurations of WhatsApp and Signal. And it is important that both parties use config.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
We're talking about the @nytimes now famous "bring it on" letter. Most agree we'd enjoy that as a spectator sport: https://t.co/BYZiKbgEM4
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@ncardozo gets a question about what country's laws better protect ISPs. (So who to use.) Says US 6th circuit is good. US 9th is good.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@ncardozo says data is vulnerable in any country that can be coerced by the U.S. … Soooooooo ….
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@IndyMarisaK hasn't had a lawyer ask who a confidential source is, says that's a credit to Gannett's legal team, but sees it case-by-case.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
Question about media impressions and reactions from recent DC rhetoric. @ncardozo talks about the policy that needs AG Sessions' signature.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
Following up @AnthonyFargo1 talks about Obama administration pursuit of leakers. Says we're waiting to see if the current "bombast" is real.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@AnthonyFargo1 says we might not yet know where exactly all the threats are going to come from. That'd dictate what journalists need to do.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@IndyMarisaK says there is a "temperature" to attack main stream media. She points to the difficulty people have of separating journalists.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
Different kinds of journalists are doing different kinds of things, @IndyMarisaK says. You particularly see it on social media. (Shocked?)
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@HedgeMage says there are ironies in the relationships between journalists and hackers, "Because we've never gotten good press."
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
Whatever happens on the legal landscape, @HedgeMage says, there are still ways to thumb your nose at authority.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@ncardozo says even as the president has announced a "war on the media" there are always issues of reality. Constitutional powers, etc.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@AnthonyFargo1 sees no anti-First Amendment groundswell, but says there is an uptick of non-pols who dislike the media. Not easy to combat.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@HedgeMage says punditry has become ubiquitous and that's serving as a stand-in for "The Media."
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
The real winner of this (excellent) panel session, I'd say, is @SecureDrop.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
Now on risks to old school journalism techniques of meeting in public. Phone GPS tracking, facial recognition, ALPRs. @ncardozo takes it on.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
.@ncardozo Don't drive. Don't take your phone. Take the bus. If you have any technology, you're likely being tracked. (ed: Have a nice day.)
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
And that was the big finish. Great panel by @IUMediaSchool, @iucacr and @IUMaurerLaw.
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017
Slides from tonight's cybersecurity for journalists panel (by @IUMediaSchool, @iucacr and @IUMaurerLaw): https://t.co/e3ecn31i4M
— Kenny Smith 🐢🚴🏻 (@kennysmith) February 24, 2017