Chapter 6: Safer communications
Introduction
Communicating with sources is a vital part of a journalist’s job. They are increasingly in contact with others using a range of different platforms and they are often unsure as to how secure their conversations are. This chapter helps journalists make informed decisions around the tools they use to contact others based on their individual risk profiles.
This chapter will cover:
- Making informed decisions around how to contact others and how
- Guidance on choosing the correct service for communicating with sources
- How to better secure messaging services
Training journalists for the first time?
The following can be helpful to keep in mind:
- Journalists are in contact with a wide range of people on a regular basis using all forms of communication methods in order to do so.
- There is often little to no separation between work and personal contact details meaning people are able to contact them on their personal accounts and numbers at any time. This leads to an increased risk of harassment and digital surveillance.
- Many journalists often use their personal social media accounts to contact sources, leading to increased levels of digital harassment.
- Journalists regularly use their personal mobile phone number for work purposes. That number will have been shared widely with people ranging from government officials to criminals. They will not want to change this number as it is one of the main ways people can contact them.
- There is a lot of resistance from journalists to have two phones, one for work and one for personal use. It’s important to understand whether the journalist needs two numbers or if they need two devices. This will depend on their individual risk assessment.
- If journalists get a new number, it’s ideal if their current phone number stays as their work number and they get a new number for personal use.
- Newsrooms often do not have a budget to supply their staff with work phones and if there is an IT department they will generally not help staff secure their personal accounts, including social media, despite the fact they are using those accounts for work purposes.
- Journalists often do not do a risk assessment before working on a story and this may mean they have not thought through a process for contacting people in a safe way or do not know how to do so.
- While there has been an increase in journalists using end-to-end encrypted messaging services, they often do not know why they are using them; they have just been told that it is safer to do so. There is a lot of confusion around which of the messaging services is safer and what data they do and do not protect. This can lead journalists to have a false sense of safety where they believe they are more secure than they actually are, or a sense of misplaced anxiety if they overestimate adversaries’ abilities to read their messages.
- If there is no secure way to communicate with a source, the journalist will likely switch to an insecure method such as SMS or a GSM phone call, both of which can be intercepted by authorities. The trainer should advise on this, such as letting the journalist know they should say as little as possible, they should try and find a more secure method to communicate, if planning to meet in person they should be aware that the conversation may have been intercepted and that there are physical security risks associated with that.
- In certain cases, having two phones or using certain messaging apps can make the journalist look more suspicious to governments and others. Be guided by the journalist, they will likely have a good understanding of the risks they face in the context they are working in.
Training digital security for the first time?
This section covers best practice that can be used when teaching the activities in this chapter. See the resources section in this chapter for further reading.
General best practice
- There is no one way to contact someone that is one hundred percent secure; there are only more and less secure options. This is because there is always a risk that the person you are contacting may be under some form of surveillance or you yourself may be under surveillance. It may also be that the tool or service you are using to contact them may be collecting data that could be accessed by others, including via a subpoena.
- Before contacting someone, it is important to think about who you are contacting and what you are contacting them about. Important questions to think about include, Is the person I want to contact at high risk of surveillance? Is the person I want to speak to classed as doing something illegal? Are we going to be discussing a sensitive issue, such as government corruption? If the answer to those questions is yes then you should definitely be opting for a service that encrypts your data, see the section below on encryption.
- Journalists should be aware that the online services they use may be collecting metadata on users. Metadata is a set of data that describes other data. For example, the time a call was made, what device the call was made on, who the call was made to. Metadata can give governments and others a substantial amount of information that could be used against a journalist and their source.
- Before using an online service, it is recommended to carry out some research on it. Check the terms and conditions on the site, review the transparency report of the company, read what security trainers and groups like the Freedom of the Press Foundation are writing about it, or search on the internet for the following: has a government requested data from that service and has that service handed it over? How is data being stored by the company?, ideally it should be in an encrypted form. Has the company been involved in a data breach? If so, what data was accessed? How much metadata is the company collecting?
- Where possible, journalists should have two phones; one for work and one for personal use. This helps keep data separate which better protects the journalists and their sources if one phone becomes infected.
- All landline calls or mobile phone calls are not encrypted and can be intercepted. It is likely that the telecom company also keeps detailed records of call metadata.
- All text messages (SMS) are unencrypted and can be intercepted. A copy of your SMS messages is kept by your mobile phone provider and can be passed to governments or accessed by people at the company.
- Some services encrypt messages in transit but the information is not encrypted on the server of the company. This could be a risk for a journalist if they are concerned that a government might subpoena for that data or that the data could be accessed by someone at the company.
- If an adversary is able to intercept an SMS that is used to register the messenger on a new device, they could take over the whole messenger account for services such as WhatsApp and Signal. This attack was used to take over the account of a prominent cybersecurity journalist. This is a serious concern for journalists who face state (since security services can ask telecoms to misdirect SMS to them) and non-state (since many attackers can launch social engineering attacks against telecoms) alike. The easiest way to prevent such attacks is to enable a security feature which WhatsApp calls two step verification and Signal calls the PIN and registration lock. With that feature enabled, anyone who tries to re-register the account on a new device will need to possess not just the registration SIM but also a an additional password or PIN code.
- The most secure form of communication is to use end-to-end encryption by default. This means that the information is automatically encrypted both in transmission and on the server. Some examples include WhatsApp and Signal. Other services (such as Telegram) only enable end-to-end encryption if the user turns it on explicitly, so journalists should ensure that they have activated the encryption.
Being more secure while using WhatsApp and Signal
-
Using encrypted messaging services is excellent but journalists still need to think about how much data they are carrying within those messaging apps, for example old messages and any archives or files they might have saved from the apps themselves. This is especially important if journalists are at risk of arrest and detention and having their devices searched.
-
Work with the journalists to create a plan for backing up content from messaging apps on their phone and deleting it. One of the easiest ways of doing so is to use disappearing messages (more below) for most messages, take screenshots of important messages so that they aren’t auto-deleted and store them in a safe place, for example in the newsroom. It’s also easy to export archives of WhatsApp messages (but unfortunately very difficult to do so on Signal).
-
Some messaging apps, such as WhatsApp, allow for end-to-end encrypted backups to the cloud. This will ensure that their content can not be accessed should someone else take control of their phone number and install the app on a new device, and prevents the cloud provider (such as Google Drive or iCloud) from reading the content of those chats, either. Encourage journalists to end-to-end encrypt all of their chat backups or, if this option is not present, disable cloud backups altogether. Remind them to keep the backup password in a safe place, since they cannot access their backups without it.
-
There are a number of features that journalists can turn on to secure their messaging apps and the content within them. More information on this can be found in the resource section of this guide. Some examples include:
- Setting disappearing messages.
This will delete a message from the phone of the sender and the phone of the receiver within a certain timeframe. Journalists may or may not want to turn this on depending on whether they need to keep the content of their message. If they do want to keep it then they should take a screenshot of the message and then delete it from their phone. Different apps will count the timeframe for disappearing messages in different ways. If you have set 24 hour auto-deletion in Signal, for example, it will delete the message from the sender’s device 24 hours after it was sent, but only remove it from the receiver’s device 24 hours after they read it. - One-time view only photo and video.
This will delete a photo or video after it has been viewed once. Consider whether this is a useful option for journalists who may need to preserve content for evidence or for a story. - Restricting who can add others to group chats
All messengers have group chats, and many of those are used to share sensitive information. Some group chats allow anyone to add new members or to share out an invite link, whereas others require an administrator to approve all new members. Consider doing the latter for sensitive group chats, as it will significantly reduce the chances of someone accidentally or maliciously adding a new member who should not be privy to the sensitive information exchanged therein. - Setting a PIN lock on the account.
This will stop others being able to access the account unless they have the PIN - Setting up two factor verification or the registration lock.
This will stop others being able to register your account on their device without a PIN number.
- Setting disappearing messages.
Completing the risk assessment
When speaking about the risk assessment and personal security plan it may be helpful to touch upon the following:
- Help the journalists think through whom they want to contact and what are the risks associated with contacting them, how sensitive is the conversation they want to have, who may want to obtain access to that conversation.
- Get them thinking about who owns the service they are using, what they are doing with their data, and whether the company passes data to governments. Highlight the importance of reading the company’s transparency reports.
- Stress the importance of having a process for backing up and deleting content from the messaging apps in their phone. Journalists often do not do this meaning they are carrying a significant amount of data around with them on their phone and this puts them and their sources at risk if either of them are detained. Setting disappearing messages may be useful for certain conversations, but taking screenshots, keeping those in a safe place (so maybe in their newsroom rather than on their phone if there is a risk of detention and device searches) and then deleting the chat from their app might work better if the journalist is looking to preserve evidence of the conversation.
- Highlight the danger of group chats with many participants in them. Explain that these can be infiltrated by governments and others who will take screenshots of the conversations and/or try to infect devices by posting links containing malware.
- For those at risk of being infected with spyware, explain that using end-to-end encryption will not protect their communications if the device itself is infected.
- Remind journalists that end-to-end encryption will not protect them if they or their interlocutors are compelled to unlock their devices—or even if somebody looks over their shoulder while they are writing.
Common questions asked
Below are some questions that journalists ask about safer communications. It can be helpful to have answers prepared for these in advance.
Which messaging app is the safest?
To answer this question, the journalist will need to think about who they want to speak with, what they are speaking about, and who is interested in obtaining that data. Explain that there is no such thing as one secure communication method instead each case is different based on the individual risk of the journalist and the source.
How safe is WhatsApp?
There is a lot of confusion around the security of WhatsApp. It can be helpful here to tell the journalist that the encryption for WhatsApp was created by Signal so the issue is not the encryption but the metadata. At the same time, WhatsApp is so common in most communities that few will look suspicious in using it or having it installed on their devices, while Signal is less common and its presence could arouse suspicion in some circles. Have the journalist walk through a risk assessment to consider whether WhatsApp is the most secure option for them.
I used to use WhatsApp but I moved to Telegram, was that a good choice?
This depends on the risks that the journalist faces. If the journalist is using Telegram for public facing work then the risk should be minimal. Telegram is also the only current messaging app that allows users to hide their phone numbers which is helpful if they need to participate in group chats. However, users should be made aware that end to end encryption is not turned on by default. In general, if they are looking to hold sensitive conversations then they should opt for end-to-end encryption which is turned on automatically, such as WhatsApp or Signal. Telegram has also been criticised by many security professionals for its communication regarding encryption and its handling of metadata. For those reasons, we generally recommend against using it for sensitive communication, unless there’s a strong reason to do so, such as sources only being willing to talk through it, a strong need to hide phone numbers, or nobody in the community using alternative messengers.
I’m using Signal but nobody else does, why?
Ascertain who the journalist wants to speak to and what about. Sources that live in rural areas and have poor internet bandwidth, people who are not familiar with technology, and sources who are very busy may not download and use Signal. Explain that for the majority of people using WhatsApp is a secure and convenient form of communication unless they are concerned about a US government subpoena for their data.
How can we communicate more securely on our team?
Ask the journalist to complete a risk assessment for their team. This should include whom they need to communicate with, whether they need to share documents, and who is interested in obtaining their data. Based on the risk assessment the trainer should guide them towards choosing either one tool or a range of suitable tools for communicating.
Learning outcomes
At the end of the session journalists:
- Will be able to choose which communication tool is safest for contacting others based on who they are speaking to, what they are speaking about and who would be interested in obtaining access to that conversation.
- Will understand the benefits and drawbacks linked to different forms of communications and how they are exposed to more or less risk as a result.
- Understand how to turn on security settings for their communications tools and when to use them based on their risk profile.
Templates and tools
The following templates and tools can be useful for teaching this session:
- Different options for secure communication tools based on the individual needs of the journalists. Guidance on this can be found in the section Training digital security for the first time, found at the beginning of this chapter.
- Risk assessment template
Resources
The following resources may be helpful for teaching this chapter:
What should I know about encryption? by the Electronic Frontier Foundation
How to use Signal for Android by the Electronic Frontier Foundation
Upgrading WhatsApp security by Freedom of the Press Foundation
Locking down Signal by Freedom of the Press Foundation
Communicate privately with Signal by Consumer Reports
Activities
The activities below are designed to accompany this training session on safer communications. Trainers should feel free to use their own activities as well as to adapt the materials in this guide to best suit the needs of the journalists they are training. The number and type of activities selected will depend on the level of knowledge of the trainer as well as the amount of time the trainer has to spend with the participants. For those new to training in digital safety, don’t forget to review the section, Training digital security for the first time?, for best practice guidance.
Getting started
Talking about communication
| Learning outcomes | Time | Difficulty level | Resources |
|---|---|---|---|
| Journalists have a greater understanding of how they communicate with others and how that puts them more or less at risk. | 20 - 30 minutes | Low | Whiteboard or flipchart, Board pens |
Trainer note: be aware that some journalists may not feel comfortable discussing the questions involved in this activity. Ensure that they know that this is optional and if they do not want to speak personally about the subject they could talk about the situation for journalists in general.
❶ Step one
-
Write up the following statements on the board and ask the journalists to work in small groups to discuss them.
- I use my personal mobile number for work
- I know what a risk assessment is and I complete one before working on a story
- I have been in contact with people who could cause me either physical or digital harm
- I worry about the government obtaining information about who I speak to and the content of those conversations
- I feel confident about the tools I use to communicate with others. I understand how they keep my data safe and who has access to it.
-
Facilitate a class discussion on the statements and ask journalists to note down any issues they have concern about, for example, the journalist may be in touch with sources who have threatened them. Ask them follow up questions, including:
- What did you learn from doing this activity?
- Did you learn anything surprising?
- Do you feel the way you communicate with others is risky? What steps would you now like to take to be safer?
Knowledge building
I How safe is this service?
| Learning outcomes | Time | Difficulty level | Resources |
|---|---|---|---|
| Journalists learn about how their own personal risk and the risk links to their sources is an important factor when it comes to choosing a particular method of communication There is a greater awareness around how secure and how insecure particular methods of communication are Journalist are able to make informed decisions around what service to use when communication with others based on an understanding of the risk |
90 minutes | Medium | Whiteboard or flipchart, Board pens, post-it notes, PPT slides and examples of security issues with communications tools. |
Trainer note: best practice for this activity can be found in the Training digital security for the first time? section, located at the beginning of this chapter. The trainer needs to have a good knowledge of the tools mentioned and any possible security issues related with them
❶ Step one
- Put the class into small groups and hand out a pack of post-it notes per group.
- Ask them to write down, one on each post-it note, the names of different services they use to communicate with others. Give them an example to get started, for example, iMessage. Encourage them to think of other platforms they may use in the office, such as Slack.
- Write up on the board the following headings:
- I trust this service with my communications
- I do not trust this service with my communications
- I am not sure about this service
- Invite the class to discuss the services they have chosen and then invite them to place their post-it notes in the column they feel best represents their view. For example, WhatsApp might go in the heading “I am not sure about this service.”
- Ask the class to circulate and look at the post-it notes and to group them. For example, four out of five of the groups in the class placed WhatsApp in the category “I am not sure about this service”. These post-it notes should be placed together.
- Use the content on the board to facilitate a discussion around the communication tools. Highlight any tools that they might have missed. Look at our resource guide for guides on services and privacy. Consider using the following questions:
- What common trends can you see?
- What services are people most concerned about?
- Do your views differ from others in the room?
❷ Step two
-
Tell the class that the second and third part of the session will look at debunking some common myths around communication tools as well as teaching a good decision making process around choosing how to communicate with others.
-
First it’s important to get journalists thinking about the following:
- Who they are talking to and the risks associated with that
- What they are going to be talking about
- Who would be interested in obtaining information about that conversation.
-
Then give them a brief overview of what encryption means when it comes to communications. You can find resources to help you with this in our resource guide. Talk about:
- Encrypted in transit but not on the server (TLS)
- End-to-end encryption by default
- End-to-end encryption needs to be enabled manually, is not on by default
- Any security issues arising from these
-
Teach that choosing what service to use can also depend on who owns the service, where it is based, where the servers are based, how they store data, and how safe the data they share with that service is. More guidance on this can be found in the beginning of this chapter. It can be helpful to discuss:
- The importance of researching the service to answer the above questions
- Does the service use end-to-end encryption
- Whether the company passes information to governments and how to check that using transparency reports plus internet searches for news on collaborations between governments and companies
- What metadata is and how it can put journalists at risk
❸ Step three
- Now turn the journalist’s attention back to the tools they posted up on the board. Put them into groups and assign them a communication tool to research, for example iMessage or Signal.
- The journalists research the tool using the questions they learned about in step two. Ask them to present their findings to the class.
- Look at the rest of the tools on the board and walk the journalists through the pros and cons of each one and identify the risk with each one. It can be helpful to have some examples of how adversaries obtained the communications of those who used those tools, if such information is available. Did they subpoena the company? Directly obtain the information during a device search?
❹ Step four
- Close the session by asking the journalists what they learned from this
- Did they learn anything surprising?
- Do they feel more confident now when choosing a service to communicate with others?
- Are there any tools that they now would not use or would use based on today’s session?
- What steps do they now need to take to be more secure?
II Best practice for securing messaging apps
| Learning outcomes | Time | Difficulty level | Resources |
|---|---|---|---|
| Journalists learn how to take steps to better secure their messaging apps | 60 minutes | Advanced | Whiteboard or flipchart, Board pens, case study from this chapter, PPT slides created by the trainer |
Trainer note: best practice for this activity can be found in the Training digital security for the first time? section, located at the beginning of this chapter. The trainer needs to have a good knowledge of the tools mentioned and any possible security issues related to them. The trainer can use the case study at the end of this chapter for this exercise.
❶ Step one
- Ask the journalists what they are currently doing to better secure their messaging apps. Ask them how useful, easy or inconvenient these steps are.
- Speak with the journalists about why it is important to turn on extra security features. Tell the journalists they are going to discuss a case study that highlights why it is important to activate the extra safety features on messaging apps.
- Allow time for the journalists to look at the case study and to answer the questions in groups.
- Walk the journalists through some of the extra security features for Signal and WhatsApp, including
- Disappearing messages
- One-time view video and photo
- Two-step verification
- Registration locks
- Security code notifications
- Backups
- Limiting who can add you to group chats
- Community features on WhatsApp
- Regularly reviewing what other devices are linked to the account
- Talk about other features that could affect their safety, such as their profile photo, having their status available for others to see online etc.
- Highlight when it may or may not be safe to use some of these features, for example, having disappearing messages turned on may make you look more suspicious. In other cases, using disappearing messages or deleting data could also lead to legal problems for journalists who are accused of destroying evidence.
- Discuss how mechanisms such as disappearing messages do not prevent all kinds of information leaks. A journalist’s interlocutor could still take screenshots, photos, or videos of the messages. Someone could likewise look through a device and messenger apps before the disappearing messages timer is up.
- Wrap up the session by asking the journalists
- Did they learn anything new?
- Did they learn anything that confirmed something they already knew?
Personal security plan
Completing the risk assessment
| Learning outcomes | Time | Resources |
|---|---|---|
| Journalists think through their individual risk and the risk associated with a particular story when carrying out online research. Journalists are able to think through mitigation for those risks. |
20 - 30 minutes | Risk assessment template |
This section should help journalists better understand the risks that they face and get them thinking about concrete steps for mitigating that risk.
❶ Step one
- Tell the journalists they are going to work alone to complete their section of the risk assessment titled safer communications.
- Journalists should work on answering the questions and providing concrete steps for mitigating risk.
- Support should be provided should they have questions, doubts, or look like they need additional help.
❷ Step two
- Help journalists reflect on the process by asking the following questions:
- What information have you learned in today’s session that has helped you make more informed decisions around choosing safer forms of communication?
- What else do you think you need to learn?
Case studies
This case study accompanies the course material and provides journalists with real-life examples of digital threats against media workers. The case studies can be used to promote discussion around different types of risks as well as serve as a way to teach journalists steps to better protect themselves and others.
Our writeup: Case study on safer communications
VICE’s writeup: How a third-party SMS service was used to take over Signal accounts