By Alan Pearce
Let’s be clear about this: every thing journalists do in the digital world is open to scrutiny by suspicious minds because that’s the way intelligence agencies work. If state eavesdroppers didn’t make use of this amazing opportunity they wouldn’t be very good at their job.
Edward Snowden’s revelations about the U.S. National Security Agency’s global monitoring should not come as a big surprise. U.S. agencies have the technology, the will and some very loosely-written laws that allow them to snoop with impunity. It was just a matter of time before someone stood up and blew the whistle.
So far, we have only seen the tip of the iceberg but the little that Snowden has told us should serve as a major wake-up call for everybody in the news business because a journalist that cannot offer confidentiality is a compromised journalist, and fewer sources will trust us in the future.
But the Internet has come a long way in recent years, along with the development of digital security tools, almost all of which are built by activist volunteers, that can make the digital world a far safer place for journalists to operate. In this regard, journalists can learn from others who – for different reasons – have learned how to evade electronic surveillance, as I explain in my new guide, “Deep Web for Journalists,” supported by the International Federation of Journalists.
Start researching sensitive subjects or visiting extremist websites, and a tracking device could quickly be planted to follow your computer’s activities around the Internet and report them back. The tracking technology may involve an algorithm that could easily misconstrue your browsing activities leading alarm bells inside intelligence agencies to be set off.
If intelligence agencies become interested in you, they have the capability to monitor all your online activities and read your emails. They will see who your contacts are and they will start to monitor them, too. Once they sink their claws in they may never let go.
All journalists are potential targets. We have contact with politicians and activists, we have our finger on the pulse and we are capable of causing all kinds of trouble both to governments and to corporations.
And, while the key is not to draw attention in the first place, it is also important to understand how the agencies operate and then figure out ways to confound them because you cannot rely on any single security application or piece of technology.
In the final scene of the Hollywood film, “Raiders of the Lost Ark,” the Ark of the Covenant is hidden inside one crate placed among a humongous warehouse full of identical crates. The scene helps illustrate an operating principle for journalist. Simply put, if intelligence agencies do not know where to look for information they are less likely to ever find yours.
It may surprise some people to learn that there is in fact another Internet, a parallel and vast digital universe much like the one we know but that is populated by very different users. The Deep Web, as it is also known, involves hidden networks allowing people to secretly connect with each other within the broader Internet.
One way to find the Deep Web is through the Hidden Wiki. Its hidden networks are accessed via specifically-configured web browsers that route users through different servers, often in different nations, to make it all but impossible for anyone to track the original location or Internet Service Provider address where someone is physically accessing the Internet including the Deep Web.
The most widely-used such network is Tor, a respectable tool built by Internet Freedom volunteers that is open to use by human rights activists, and also to abuse by criminal syndicates, predators, terrorists and others.
To enter Tor, you must first install the Tor/Firefox web browser to divert your traffic through a worldwide volunteer network of servers. This conceals your location and your activities, effectively hiding you among all the other users. Tor works by encrypting and re-encrypting data multiple times as it passes through successive relays. This way the data cannot be unscrambled in transit.
Tor is so effective, in fact, that many intelligence agencies now use Tor for their secure communications as do many online criminals of all kinds, along with politically-motivated violent extremists. The pervasive use of Tor and other VPNs through the Internet including the Deep Web is a fact seemingly lost on those governments that concentrate on the easier task of monitoring the public at large.
In other words, you can use Tor to access the conventional Internet without ever drawing attention. When used in combination with other digital safety tools, journalists can work to circumvent government eavesdroppers. Rather like spies in a James Bond movie, journalists have an array of digital weapons to call upon to ensure that their research, correspondence, notes and contacts are secure. Although learning both the concepts and tools involved can take time. The non-commercial tools also often not user-friendly, lacking explanations, and sometimes not working as expected.
With the right digital security tools you can access banned websites. You can continue tweeting when the authorities take down Twitter locally. You can scramble calls or send emails and messages that cannot be intercepted or read. You can pass on and store documents away from prying eyes. You might even hide news footage of a massacre inside a Beatles track on your iPod or smartphone while you slip across the border.
The Internet has evolved and so has its counter-surveillance tools. Now we must get smart and learn how to use them. We must safeguard our devices from intruders; we should take care that our smartphones are not used as tracking and listening devices. We need to learn how to stay beneath the radar.
Alan Pearce is a journalist who has reported for outlets including Time, The Sunday Times, Sky News and the BBC. He is the author of the ebook “Deep Web for Journalists: Comms, Counter-surveillance, Search,” supported by the International Federal of Journalists.
This article first appeared on the Committee to Protect Journalists’ Security Blog.