How can journalists make their work more secure? Over 40 journalists, academics and security experts came together in Washington D.C. on Aug. 23 to discuss current digital security challenges and brainstorm new approaches.
Hosted at NPR headquarters, the full-day workshop, sponsored by the Gannett Foundation, was split into two parts: morning panels dedicated to hearing from experts, learning about the latest threats and the ways journalists are protecting themselves now, and afternoon collaborations focused on identifying user needs and brainstorming new tools and processes to keep sources and communications secure.
The morning session explored digital security issues for journalists with Delphine Halgand, Reporters Without Borders, Shauna Dillavou, CommunityRED and Seamus Tuohy, Internews. Moderated by Chrys Wu, The New York Times.
Next, Runa Sandvik of Freedom of the Press Foundation gave an overview of threat modeling. Journalists should do a risk assessment, asking themselves:
- What do they want to keep private?
- Who is interested in the information?
- What can they do if they access the information?
- What would happen if they succeed?
Based on the answers to these questions, journalists can make a simple plan to protect their materials.
Mike Tigas, News Apps Developer at Propublica, followed up with practical security tips and tools for journalists. His full presentation is here. Some notable tips include using a password manager, TOR web browser and Signal (iOS) or Red Phone (Android) for encrypted calls.
In the afternoon, nine leaders from the ONA community worked with local participants to imagine better tools and processes for enhanced digital security, using human-centered design to guide the process.
Participants were placed on teams that included a mix of editorial, security and development experts to ensure each group had a range of perspectives and skills. Reggie Murphy, Principal Consultant at Electronic Ink, introduced design thinking (presentation) and used the philosophy to guide the teams throughout the workshop.
By using design thinking, teams were able to approach security issues from another angle by trying to problem-solve specific user needs. Each group started by interviewing a security expert to identify some of their everyday security challenges.
From there, the groups brainstormed possible solutions, narrowing them down to one idea worth prototyping.
After they defined the problem, teams built paper prototypes, tailoring them to the user and specific needs. This practical approach made security issues, which can seem abstract and too complex for non-experts, more concrete in everyday scenarios.
Each group had their prototype reviewed by a security expert, and then iterated on their product based on feedback.
Groups presented their prototypes at the end of the workshop. Many will continue to work on development.