Last week I took a Friday trip to the Knight Conference Center at the Newseum for a day focused on the present state of digital security as it relates to surveillance and the news media. The Freedom of the Press Foundation, Open Technology Institute, and Reporters Committee for Freedom of the Press co-hosted the “News Organizations and Digital Security: Solutions to Surveillance Post-Snowden” event, which drew a capacity crowd of technologists, journalists, media development professionals, and a few folks like me who work in the #Tech4dem space.
The star of the event turned out to be none other than Mr. Edward Snowden himself. After the conclusion of the day’s final panel - fittingly a discussion on “Security Lessons from the Snowden Files” - Snowden appeared for a brief Google Hangout with the audience. Like many of the panelists before him, Snowden called for a “change in attitudes towards digital security.” The (in)famous whistleblower stressed the importance, as he did during the initial release of the NSA documents, for a wider social and policy discussion on issues of digital security, surveillance, and potential regulation. After he wrapped up, the crowd took a trip to E Street Cinema for a screening of CitizenFour, a recently released documentary film tracking Snowden during the days leading up to and the months following the NSA leaks.
Before Snowden took the day’s spotlight, the conference kicked off at the Knight Center with a panel focused on the benefits, difficulties, and limitations of real-world encryption techniques. Bouncing between the well-told tale of PGP’s less than intuitive user-design to the reality of many news reporters’ (and sources’) hesitancy to embrace encryption technology, this morning session seemed to conclude that the biggest hurdle to effective encryption, as it stands now, is buy-in and usability. As veteran NY Times investigative reporter James Risen put it, encryption for both journalists and activists is a catch 22. Because (relatively) no one is using encryption, it in and of itself stands as a red flag in many situations. For many, this limitation is enough to close their minds to the technology altogether. Combine this with the traditional resistance to change at the top of many organizations, and the mass adoption of encryption technology seems to be years, if not decades, away. According to Micah Lee, technologist at the Intercept and the man famously tasked with teaching Guardian journalist Glenn Greenwald the essentials of secure communication, these aforementioned difficulties and limitations won’t go away until all the ways that we start communicating are automatically encrypted.
According to the day’s second panel, which featured First Look Media’s Director of Security Morgan Marquis-Boire, the best hope for improved digital security for journalists and activists is to “move away from a tools-based focus.” More important than the implementation of PGP, ChatSecure, RedPhone, or any number of encryption tools is the creation, implementation, and prioritization of a digital security philosophy. According to Marquis-Boire and others on the panel, there needs to exist a certain weariness at attempts to solve “real world coercion problems with code.”