While I am by no means a seasoned investigative journalist, I have the good fortune to work with some. Looking ten years back I couldn't imagine a media organization considering geek qualifications a core part of an investigative team. In 2011, turning a geek into an investigative journalist is a no-brainer.

The information landscape a journalist lives in today is very different than ten years ago. People share more information on the Internet about themselves than ever before. Journalists have access to large quantities of free information stored in social networks, government databases, and Freedom of Information requests. In response, the traditional journalist is evolving quickly. Today's journalist is not only sitting in the court room or town hall meeting with pen and paper but with a laptop sifting through relevant online information, filling FOIA requests, and chatting with their editors. With journalism, the market for tools and methods to collect, analyze, and present this information is growing fast.

The days of Excel spreadsheets and HTML tables are gone. Whether we're watching on TV, reading online, or in a newspaper we expect beautiful and easy to understand representations of important information, no matter how large the underlying data is. DocumentCloud, Information is Beautiful, Piwik, Mining of Massive Datasets, PACER, Google Refine, Google Fusion Tables, Google Public Data Explorer, IBM's Many Eyes, and ScraperWiki are just some of the data driven journalism tools widely used by mainstream media today.

There already exists a wealth of awesome write-ups documenting methods and tools for journalists creating data driven stories.[1] [2] [3] Rather than add to it, my focus is on another important and evolving component of investigative journalism: sources, communication, and protection of privacy.

…

The journalists of yesterday and today care deeply about protecting the identity of sources. Having a private conversation with a source used to be easier. The days of meeting sources confidentially in a dark lit parking garage are disappearing. Today things are very different. In our digital world, journalists interview sources half a world away or across town using Skype. And just like every generation of journalists, today's are developing tradecraft with new techniques and tools on top of tried and true traditional gumshoe journalism.

Investigative and Field journalists reporting the recent revolutions in the Middle-East and Northern Africa exposed surveillance technology deployed by now toppled and currently active regimes. It has been reported that Libya was using a system developed by Amesys, a French company (though the company has argued its dealings with the regime were limited). [1] [2] The BBC reported that Iran is using a system developed by Nokia-Siemans Networks, a Finnish and German company. Syria is reportedly using a system developed by Bluecoat, an American company though it was not likely sold directly to the regime[1] [2] [3] The Guardian reported that The Gamma Group, a U.K. company, offered to sell a system to Egypt. Surveillance technology is the new hot weapon in a cyber-arms race with journalist-source confidentially in the crossfire.

Government operators of these surveillance systems are able to monitor in real time an entire populations mobile phone conversations, text messages, emails, and Instant Messages. Operators watch individuals visit websites and receive alerts for concerning activity. In some cases, operators can retrieve passwords for social network and email websites. Who are these government operators targeting? Often, it is government opponents, journalists, and their sources.

If Western developed surveillance technology can do all this for a developing Middle-East or North Africa government, what are the capabilities of developed Western government's surveillance technology? In an arms race, what we know today was outdated yesterday.

Paraphrasing statements made by Lucy Dalglish of the Reporters Committee for Freedom of Press at the Investigative Reporters and Editors conference: No longer do governments always need court orders to obtain a journalist's source. Lucy points to how pervasive "lawful" surveillance technology has become worldwide. The amount of information collected by today's governments and corporations is beyond Orwell's imagination. In response, today's investigative journalist must develop their tradecraft with new tools and skills. Journalists must be conscious about existing surveillance technology and take steps to guard against it.

Take off the tin foil hat. It's not going to help.

…

Fortunately, tools exist to keep Big Brother's eyes and ears at bay and maintain source confidentiality. Some of these tools are accessible. They can be download and used today for secure communication between two people without requiring super geek credentials. For brevity's sake, I'm only providing an introduction with links to more information.

Visit a Website's Secure Address: HTTPS Everywhere
Take a look at your web browser's address bar. The HTTP at the beginning of every web address stands for Hyper Text Transfer Protocol and is a vital component of the World Wide Web. It is also a non-secure connection. Replacing HTTP with HTTPS adds additional security. While it is often default for banks, it is not for many important sites we use to communicate amongst ourselves. The HTTPS Everywhere extension increases security by making HTTPS the default connection between you and Gmail, Facebook, Twitter, and many other websites.

From the Electronic Frontier Foundation's website: "Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS."

Secure Encrypted Chat: Crypto.cat, Off-the-Record
From Julius Caesar to the Enigma Machine, cryptography has been using encryption to keep communication between two parties private for a millennia. Using modern cryptography, crypto.cat, allows for encrypted private chats between two individuals today. Grab a person with a computer nearest to you and visit crypto.cat. Agree on a chat room and you are both engaged in a secure conversation requiring only a web browser. It's that easy.

Crypto.cat is new, using recent methods to secure your communication. A mature tried and true method is called Off-the-record, or OTR. OTR extends the capabilities of your Gtalk, AIM, or any other Instant Messaging service to make sure only you and the person you're talking to can read the messages.

If you're using Windows or Linux, download and install Pidgin with the OTR plugin. If you're using a Mac, download and install Adium. If you've an Android, download Gibberbot from the Android Market. Note, both parties in the conversation need to have one of these applications installed for secure chat.

Secure Encrypted Email: PGP, PrivacyBox.de
Email is like a post card, even if you are using a secure https connection to Gmail. Without your permission, I could forward your message on to someone else. After 6 months, U.S. law enforcement can read your email without a warrant. They may not wait that long. According to Google's Transparency Report, in 2010 94% of the time Google complied with U.S. government data requests. Never assume email is private, period.

Assuming all of your email is public, you could try and write each avoiding language that would impose self-harm or offend anyone. You would have to look beyond the present to the future as well. Or you could encrypt the email you want private with Pretty Good Privacy or PGP.

For Windows and Linux, download and install Mozilla's Thunderbird and the Enigmail extension. For Mac, you can download GPGTools which supports Apple's Mail app or my recommendation of Thunderbird. Just like secure chat, both parties need to have PGP enabled email configured for a secure email communication.

Another good and easy solution is PrivacyBox.de. "PrivacyBox provides non-tracked (and also anonymous) contact forms. It is running primarily for journalists, bloggers and other publishers." You or your team can setup an account assuring your contacts a secure way to communicate with you for free right now.

Secure Encrypted Voice: Skype, Redphone, CryptoPhone
It is much easier than you might think to listen in on your mobile phone conversations. Skype with encrypted voice is a step in the right direction. Though unlike OTR chat's or PGP email, it's not a trusted solution. You put all of your trust in Skype not to listen in, manage the security of your communication, and not turn information over to a government. Microsoft owned Skype does not offer a Transparency Report like Google. Thus, we have no idea how often they comply with government data requests. It's likely they are under similar pressure as Blackberry maker RIM is in the Middle-East, who've likely "granted some access to communications passed between devices to the UAE government".

If both you and your contact have Android phones in the U.S., check out Whisper System's RedPhone: "RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in. It's easy to use, and functions just like the normal dialer you're accustomed to."

If you can afford it, a good solution is GSMK's CryptoPhone. It looks and operates like a standard mobile phone, except when two CryptoPhones call each other. With a CryptoPhones on each end of a they create a "completely confidential encrypted telephone call".

Secure Your Everything: Tor
The above tools do a fine job of protecting specific communications methods, but what about web browsing and everything else? What if you don't want anyone to know you are visiting a specific website, uploading files to Wikileaks, talking to a specific person, or have censored/restricted Internet access? The answer is Tor.

You have to meet a very secret informant named Deep Throat in the bottom level of an underground garage across town. If it was anyone else, you'd jump into your bright yellow VW Beetle convertible. You decide it's a bit conspicuous for this trip. Conveniently, your buddy lends you the worlds most popular car in it's most common color, a white Toyota Corolla. Even better, the Toyota's windows are darkly tinted. Rather than drive straight to the parking garage, you take a longer indirect route making it hard to know your destination.

This is what Tor does to your Internet connection. Like a Toyota with encrypted windows criss crossing town, Tor makes the traffic look inconspicuous, encrypts your information making it very difficult for anyone to know what you're doing or saying, and routes your Internet traffic through other Tor users making it difficult for anyone to know who you are, who you are talking to, or what you're doing online.

Tor is an amazing piece of technology and easy to use. "The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software." Download and run. If you've an Android phone, download and run The Guardian Project's Orbot from the Android Market.

…

This next set of tools are as important as the aforementioned for modern investigative teams. Unfortunately, they require a fair amount of technology experience to implement. If you are not a geek and work for a larger media organization, bring these tools to the attention of your IT and Security support staff. If you're an independent journalist, show them to your geeky friend. If you need to make a geeky friend, try your local hackerspace.

Anonymous Online Dead Drop: Globaleaks
There is social value in providing a secure space for people to expose confidential information that is in the public interest, as seen recently by Wikileaks and those before it. In the post 9/11 U.S., more than 4.2 million people have access to confidential information with a government security clearance. Over one million of the 4.2 million have access to Top Secret information. If you can provide an online dead drop with reasonable assurance of anonymity and deniability for the conscientious, it will get used.

These whistleblower services are on the rise from main stream sites like the Wall Street Journal's Safe House to the region specific FrenchLeaks. The technology co-opted by them strives to keep one step ahead of those who would keep socially valuable information from the public eye. Internet policy and free speech advocate, Marvin Ammori states “The right to free speech is meaningless without some place to exercise it. “ Recently, Wikileaks has exposed the urgent issue of protecting Marvin's “digital speech spaces”. Just like the Crypto Wars of the past, lawyers creating forward thinking policy and geeks creating innovative technology are required.

Creating a website to accept files and text is not a complex task for an average geek. Including technology assuring deniability, anonymity, information security, and privacy embracing the same tradecraft as a traditional dead drop is something else entirely.

Leak Directory may be the most comprehensive set of information on the topic. You'll be quickly reminded that whistle blowing websites didn't start with Wikileaks. From old school telephone hotlines, online forms hosted by national security agencies, to Cryptome tools and services for receiving and disclosing leaked information have been around for a while.

Unfortunately, most are bespoke and proprietary. Globaleaks is one to pull out of the haystack, an open source project worth keeping an eye on.

Encrypted Cloud Storage for Teams: Dropbox, Encfs
When dealing with large diverse files such as audio, video, and various documents, it's not practical for colleagues to share files via email or snail mail. You could use a company VPN and centralized storage but it's often to slow in the field. Cloud services such as Dropbox make it their business to get as close to you as possible ensuring the fastest upload and download speeds as possible. While Dropbox is easy to use, it is not reliably a private option without an additional layer of security.

A tech savvy solution is to encrypt your content before Dropbox sees it. Pairing Encfs with Dropbox results in file based encryption that only you and your colleagues can decrypt. It's cross platform with existing instructions to get you and your team collaboratively editing files in a shared secure folder with OS X, Windows, Linux, and Android.

…

While the adoption of these tools goes a long way in reducing the ability to "listen in" on your communication, it doesn't address all the issues a journalist will confront. What if your laptop gets stolen or confiscated and searched at a border, what if you are detained and required to give out your passwords, what if someone you trusted gives out your passwords, or you are being actively harassed by intelligence officers? Even in the United States some states argue that a mobile phone can be searched without a warrant.

You should follow those links. These are common situations investigative and field journalists encounter today. The above situations aside, your laptop or phone will break. When it does, it will likely have information you need and need to keep private. What then?

If you work for a large media organization, hopefully you've already been approached or gone through some information and operation security trainings. If not, go find your Chief Security Officer or Director of IT. Ask them what your organizational policies are for the above situations.

In general, there is an empty void of resources tailored specifically for journalist on information and operation security. eQuality, “a collective of technology and security experts working with organized civil society and independent media.”, is a good place to look for formal trainings and policy development.

If you're an independent journalist with little technology experience, there are some resources out there for you. The Tactical Technology Collective's Security in-a-box is an excellent reference with tools. EFF's Surveillance Self-Defence. RiseUp's Communication Security, and MobileActive's Guide to Mobile Security Risk Assessment are three recommended primers.

…

Finally, utilizing and supporting technology providers that understand the importance of privacy and security will make things easier for you. The EFF's "Who Has Your Back" campaign rates large providers. Google and Twitter lead the way. A recent Wired and Ars Technica article, "Secret memo reveals which telecoms store your data the longest", give T-Mobile a slight edge in the U.S. In all cases, they are storing information and often handing it out without your prior consent. Do you trust them with your private information that exposes your sources?

Personally, I use and support The Riseup Collective. They don't provide Internet access, but they provide trusted secure services including E-mail, Instant Messaging chat, VPN, and support to the Tor project. They will also fight for your right to privacy.

Recently, Google and Riseup both received subpoenas from a judge to hand over user account records. With the help of EFF and the National Lawyers Guild, Riseup fought and won to have the subpoena's overturned. Unlike Riseup, Google complied with the order handing over the requested information about its users.

…

I covered more than intended and left out a whole lot. I look forward to comments on what's missing, what's more secure, what's easier to use, other good references, and your general thoughts. “After all, it is not the diagnosis of a disease that cures the patient.” said Mr. Fish

I am addicted to news. It all started a few years ago. I blame the Urbana-Champaign Independent Media Center and the Indymedia movement in general. It's not entirely their fault.

The addiction became apparent when websites started using RSS feeds for news and podcasts. Things began to spin out of control. I tried every reader out there. Not one was good enough. I wrote my own web based reader using MagpieRSS but my app sucked. I was depressed. Nothing allowed me to read *everything*.

Then it happened. You lifted me out of the low moment. I had nearly given up on you RSS. Google Reader, you changed everything. Our first moments together were bliss. I could read *everything*.

But then things started to change. Soon you began recommending things to me, making it easy to add other feeds, share stories with buttons, and other goodies. Despite your valant efforts, soon I was strangled by that old depressing feeling. Google Reader, even with you I couldn't read *everything*.

It didn't take long before I became used to your 1000+ unread items. You didn't give up on me. You worked hard to keep me happy. You learned alchemy and started playing with Magic. Things began to feel normal and good again... for a while. I just couldn't stop creating more tags and I kept adding more feeds. Even with your Android app, there wasn't enough time in the day for us to spend together. Before long, I began avoiding you trying to run away upset that together we couldn't read *everything*.

Then I remembered something you once told me. Google Reader, I remember you saying softly "Heya Dan, just letting you know that I've been tracking and monitoring *everything* we do together." Several years later, thousands of feeds later, and tens of thousands of read items later, your pretty Trend graphs told me what I read most. Turns out, everything was the opposite of what I wanted! Maybe less is more.

You should know, I think it's a bit creepy that you can do all of this. Your convenience, ease of use, and our history together have ensnared me. And even though you're not the new kid on the block, I love you just the same. Please don't hurt me.

Arm in arm, let's show the world what we do together. Below are my most read feeds.

By Dan Meredith & Sascha D. Meinrath Originally posted at The Open Technology Initiative

Irrespective of your personal feelings about WikiLeaks, the model it pioneered has challenged traditional journalism models and serves as a harbinger of change for 2011. WikiLeaks-esque tools supporting a new generation of whistleblowers are facilitating fundamental changes in the relationships among sources and journalists. These tools can disseminate exceedingly large amounts of information within remarkably short time frames and challenge journalists, who necessarily must utilize new technologies to vet, manage, source, and expose the needles in the haystack. Likewise, WikiLeaks forces those who harbor sensitive data to think differently about both information compartmentalization and how to address the leaks that will inevitably occur.

As these technologies evolve, new opportunities for technology-mediated journalism are dramatically increasing. Unfortunately, few journalists (and even fewer media outlets) have the technological savvy to take advantage of these new avenues for reporting. If we aspire to achieve a more open, transparent, and investigative Fourth Estate, increased resource-sharing and educational skills-sharing between geeks and (journalistic) gumshoes is desperately needed. Within this context, journalists, technologists, and researchers at the New America Foundation’s Open Technology Initiative (OTI) have been pioneering the next generation of journalism. Through OTI’s Media Policy Initiative and Native Public Media we are actively exploring both innovative models for 21st century reporting and the policies that will best sustain them. All of these changes are also happening during a time of unprecedented collaborations and that are driving new forms of participatory journalism.

Technology-mediated journalism should be a catalyst for reevaluating standard operating procedures that have grown increasingly out-of-touch with on-the-ground realities -- the hacker ethos that “information wants to be free” has increasingly come into conflict with modern journalistic notions of “propriety” in vetting sensitive information (e.g., embedding reporters in military units, or becoming cosy with government sources). If 2010 was the year WikiLeaks established itself as a challenge to the journalistic status quo, 2011 will be the year that larger, more well-established media outlets reevaluate their practices and respond.

It is widely accepted that authoritarian and dictatorial control, censorship, and anti-democratic practices go hand-in-hand with efforts to maintain centralized control over data and lockdown of important information. Al Jazeera announced its intention “to shine light on the dark government and corporate activities” by establishing a new Transparency Unit within the organization. The new online tools on the Unit’s website are both a place to search through the over 1,600 documents constituting the recently disclosed Palestine Papers and a secure drop box “to submit all forms of content for editorial review and, if merited, online broadcast and transmission on our English and Arabic-language broadcasts.”

Though the Transparency Unit’s IT framework is technologically similar to WikiLeaks, Al Jazeera is integrating their own analysis of the raw (leaked) data and generating long-form journalism stories to couple with the public release. This “journalism of depth”, as Al Jazeera’s Director General's, Wadah Khanfar describes it, represents an important evolution in the role of news outlets who are working to support openness and transparency. While we should expect reporting on such a wide release of official documents (in much the same way that the original WikiLeaks release of 250,000 documents was combed over by numerous media outlets), two key differences are the ability of any news outlet to leverage WikiLeaks-type infrastructure to produce traditional investigative reporting at a much lower costs than before, and the speed with which leaked information can be collected, analyzed, aggregated, and disseminated.

Recently OTI technologists were invited to meet with the Transparency Unit journalists and technologists to review the project's technical framework. OTI’s goals were to take a top down look at the initiative’s infrastructure and provide suggestions on how to support openness and transparency using open technologies, all while protecting whistleblowers’ privacy. Specifically, OTI focused on protecting the integrity of submitted information while ensuring proper separation and safeguards between the Transparency Unit’s public-facing infrastructure and Al Jazeera’s general IT networks. As more global media outlets begin to focus on this intersection of technology and journalism, OTI will continue to work with these new projects to assist with their technical due diligence.

Like any powerful tool the technologies used by WikiLeaks and Al Jazeera create a Faustian bargain. Along with all the benefits that sunlight provides, there is also a darker side that must be addressed. A lack of institutional privacy may lead to practices where less and less sensitive information is documented, thus undermining transparency and accountability. Within today’s “publish or die” media, one can imagine a near-future where whistleblowers, rather than working for weeks or months with a single news outlet, deliver massive quantities of data to numerous outlets who then strive to be the first to publish. Within such an environment, careful vetting of information will increasingly take a back seat to expediency, laying the foundation for potentially explosive situations where the public identification and naming of malefactors and innocents alike becomes normative.

For WikiLeaks, the writing may already be on the wall -- it has a direct competitor in OpenLeaks, and the critical innovation that defined its success -- a digital dropbox -- has already been copied by one leading media broadcaster. And while imitation may be the sincerest form of flattery, the continuing importance of any single whistleblower website will diminish as multiple WikiLeaks-esque platforms are developed. In the interim, we should applaud the new-found power and protections afforded whistleblowers by these new technologies, but must also go forward knowing the advantages and disadvantages of a world where radical transparency happens irregardless of the sensitivity or repercussions of the information disclosed.

FOR IMMEDIATE RELEASE

IMCfest is this Friday, Saturday, and Sunday April 17-19 (All Ages)!

For Current Schedule of Events and Performer Info See: http://imcfest.org/