The recent discovery that the U.S. Department of Justice has seized Associated Press and Fox News phone records has seriously shaken the news industry.
It remains unclear whether the DOJ went through all the proper channels to get that information. Either way, the situation has made journalists wonder who else has been investigated — and who’s next.
The Internet makes many reporting tasks much easier, from gathering information to communicating with sources. But it also leaves a trail of digital bread crumbs for law-enforcement officials to follow — and electronic messages aren’t protected as strongly as those on paper, Trevor Timm, an activist with the Electronic Frontier Foundation, said via email.
“Despite the fact that police need a warrant to read physical letters or listen to phone calls, the Electronic Communications Privacy Act says police don’t need a warrant for email over 180 days old,” Timm said.
There are a number of ways journalists can protect themselves. Although few of them are foolproof, they can go a long way toward keeping your newsgathering process much more covert — especially when it matters most.
One of the best ways to make investigations tough to trace is to keep them offline. Meet sources in person — and in private if you can, to reduce the chances someone will spot you or overhear your conversation. Take notes on paper, and destroy them once you’re done with them.
Although these old-fashioned Deep Throat methods are among the best ways to keep things off the record, there’s a modern twist: turn off your cell phone or put it in airplane mode when you’re meeting a source, and make sure your source does the same.
Turning off geolocation isn’t enough, considering Apple is being sued for allegedly leaking location data even after customers said they didn’t want to be traced. As long as your phone is receiving a signal, someone can track your whereabouts — and that information is also sometimes stored for later retrieval.
Run your own mail server
Meeting sources in person isn’t always practical. They may be overseas, and your company might not be willing to spring for a plane ticket every time you want to communicate. But many of the popular mail services, including Gmail, Yahoo and AOL, will provide law-enforcement officials with information about your activity if they receive a warrant or subpoena — and other services don’t even require that much. It’s safer to keep email in-house, where your company has control of it.
Many news organizations, especially the large ones, have an IT department that keeps their computers humming and their Internet connections stable. These computer experts often also know how to run a mail server. While on-site email is also subject to warrants and subpoenas, if that happens, law-enforcement officials will have to go through your news organization’s top brass and attorneys to get at your messages. If the DOJ subpoenas an outside provider for your emails, on the other hand, you might not find out until it’s too late.
Encrypt or go anonymous
If your company can’t run its own mail server, there are a couple of alternatives. One is PGP (for “pretty good privacy”), an encryption software bundle that can make your messages look like gibberish to anyone without the key.
Unfortunately, PGP isn’t very user-friendly; this is another area where your IT team may come in handy. An easier option is Hushmail, a fully encrypted email service. The downside: Hushmail only stays encrypted when both you and your source are using it. And, as with other email services, it will hand over messages when ordered.
One way to help your sources remain anonymous is to use Tor, which keeps Internet activity hidden by decentralizing that activity — and by not recording it anywhere. Tor can also protect your newsgathering records; while your Google searches are subpoenable forever, funneling them through an anonymizer makes recovering them impossible.
“We get inquiries from law enforcement, and we explain that we have no information to give them,” Karen Reilly, Tor’s development director, said via email. “Tor can’t give out information it never gathered.”
Don’t keep anything online
What I said earlier about destroying your written notes also applies to electronic communications. If someone drops a tip in your personal inbox, as may have happened with Fox’s James Rosen, don’t keep it there. Download it to your computer or print a hard copy, and then delete the online version. Don’t just put it in the trash; you need to click the “delete forever” button or your email provider’s equivalent.
However, those providers keep backups, so check with yours to find out how long they’re kept. The chances that law officers will ask for that data before it’s purged is slim, but it isn’t zero. On top of that, the person on the other end of the email exchange may hang on to his or her copies.
Stay off the phone
I know that sounds ridiculous, but think about it: you can run your own email server, but you can’t run your own telephone service or cell-phone network, meaning you can’t control what happens when your call logs are subpoenaed. If you can’t communicate with sources entirely offline, go electronic. Email can be encrypted, but phone conversations can’t.
Likewise, don’t use text messages; they can’t be encrypted either, and even if you delete them, the person on the other side may not.
Consult a lawyer
Attorneys can also help quash or narrow subpoenas, particularly if those subpoenas are demanding information your company keeps in-house.
You don’t have to encrypt or shred every conversation you have with a source. However, if someone is risking his or her job — or life — to leak information to you, taking these steps can protect both of you.
When it comes to government investigations, “national security reporters are the most likely targets,” Timm said. “This is clearly protected by the First Amendment, but it doesn’t stop the government from conducting investigations into leakers, many of which are over-broad fishing expeditions that lead to journalists being unduly surveiled and sources unnecessarily scared to talk.”
For further reading, check out the EFF’s Surveillance Self-Defense site, which outlines the legal limits of what investigating agencies can do and how to keep your communications private. And see these great tips from the EFF’s Eva Galperin.