Investigative reporters face a two-fold challenge: surveillance software has become mind-bogglingly sophisticated; and funding is pouring in for development of new technologies. These new products are purchased gray market by governments that spy on their public – and their press. Robert Guerra, a digital security expert at the Canada-based , warns that most reporters aren’t even taking the most basic precautions. “If you become known for investigative reporting, people can use digital tools to come after you and your data,” says Guerra, who for more than a decade has trained NGO staffers and journalists to securely manage relationships and data online. “Start with the principles. Know the risks. There are some simple things folks can do. ”

Guerra suggests starting here:

  • If you travel to a country known for spying on the media, don’t rely on an email provider based there.
  • At home, use a secure provider – you can tell if your email is secured by looking for the “https” in the address bar. Gmail is secure by default, while Yahoo and Facebook settings can be adjusted. Why? If you use a free wireless network, anyone can tap into your screen with a simple and free software program. That’s a problem if you’re communicating with a source. It’s as if you were in a busy public place having a conversation with a confidential source, Guerra explained, “but you’re both screaming. ”
  • Don’t assume your employer is protecting your account. Ask your technology desk about what precautions it takes, and consider getting a personal account from Google or Yahoo over which you have control.

If you have Gmail, everyone knows your User Name. So a hacker only needs your password. An obvious first step is using a more complex password. There are guides to creating stronger passwords listed below. Also, for more sensitive interactions, Gmail, Twitter, and Facebook have added an additional – optional – layer of protection – the two-factor login. When you activate the two-factor login, and enter your password, the account sends a text message to your phone, providing you a unique authentication code you must enter before accessing the account.

Establish multiple user accounts on your computer, including at least one user account in addition to the default administrator account. Making sure the second account has no administrative privileges, then use that login for your daily work. Then if malware tries to install automatically, the computer will alert you with a message requiring the administrator password.

  • Beware of suspicious attachments, keep your programs updated, and install a good antivirus program. Usually programs you buy will provide greater protection.
  • Watch for emails from groups or people you might know, but which seem slightly off – small grammar changes or odd punctuation.
  • Mac users, avoid being lulled into a false sense of security.
  • Outdated computers without security patches can put you on greater risk.

Make noise if your computer starts acting wacky. Reach out to one of the nonprofit groups dedicated to detecting and tracking attacks and training users. They include:

  • Access Now runs a 24/7 available in seven languages.
  • , based in New York, advocates on behalf of reporters around the world and fields requests for assistance.
  • based in Paris, does similar advocacy as CPJ.
  • at the University of Toronto, researches Internet security and human rights.

Tutorials and Tipsheets

There’s no shortage of guides to digital security. Many are overly complex and not terribly useful for working journalists. But there’s help out there, and it’s worth designating someone on your team, in your newsroom, or at your nonprofit to take the lead in ensuring that your work is protected. Here are some resources:

 offers a series of video tutorials on simple ways to maintain a low online profile. Available in French, Spanish, Italian, Portuguese, Russian, Arabic, Armenian, Croatian, Ukrainian, Serbian, Albanian, Bosnian. The Committee to Protect Journalists addresses cyber security as part of its. Reporters Without Borders also has published an , available in five languages.  is a guide published by a dozen media-related NGOs, including Free Press Unlimited, Freedom House, Global Voices, and Internews. provides  to protecting your data. It also has a few other tips and tutorials on keeping your data safe:

  • : Choose strong passwords using , avoid reusing passwords, consider using an encrypted virtual safe or , avoid giving easily found answers for security questions, using two-factor authentication passwords. If you write passwords on a piece of paper in your wallet, make sure to add dummy characters before and after real passwords, and don’t clearly label accounts. Don’t use the same password for multiple accounts. And change the passwords regularly.
  • You should not destroy evidence, but you can maintain a retention policy in which you routinely purge your files. Make sure the policy is written and followed by everyone. Skeptiker der globalisierung bestätigen zwar, dass sich die möglichkeiten der kommunikation quantitativ erweitern und damit auch die integration, aber keine qualitative veränderung erreicht wird. “It’s your best defense against a subpoena — they can’t get it if you don’t have it. ”
  • Basics of data protection: Require logins for accounts and screensavers. Make your passwords strong. Make sure you trust your systems administrator.
  • Governments can get around password-protected data. But well-encrypted data is more difficult. SSD offers another to how encryption works
  • : Use anti-virus software, keep your security patches updated and avoid clicking on suspicious links and files.

Eva Galperin of the Electronic Frontier Foundation via the U. S. Public Broadcasting Service provides  for Best Practices. A few key points include:

  • Skype isn’t as secure as you might think. Governments can track your movements. Instead, consider using 
  • Text messaging is insecure and not encrypted.
  • Instant message with or  (Mac OSX)

Steve Doig, a professor at Arizona State University in the U. S. provides these tips in his presentation  (PowerPoint):

  • Search the web with , which doesn’t save your IP address or search terms.
  • Disguise your caller ID with. This works for international calls as well.
  • Buy no-contract cell phones with cash.
  • Encrypt communications:
    • is strong and an industry standard.
    • encrypts messages in spam-like email
    • Clean out deleted files for good using Webroot Window Washer
    • When obtaining leaked documents from a government source, beware of invisible watermarks.

The London-based Centre for Investigative Journalism has an 80-page handbook, , full of tips and techniques. The UNESCO report outlines 12 specific digital threats “including illegal or arbitrary digital surveillance, location tracking, and software and hardware exploits without the knowledge of the target”. It provides tips on how to keep your data and yourself safe.