Steffen Leidel of the Deutsche Welle Akademie on digital safety and how to teach it to journalists
“[The] Heartbleed bug affects gadgets everywhere,” was an article that CNN ran last month. CNN wasn’t alone in its coverage of the topic. Some people talked about it. Others blogged or tweeted. The message most of them left behind, however, was more or less the same: the Heartbleed bug made us vulnerable.
“How many of you changed their online passwords when you heard about the Heartbleed bug?” asked Steffen Leidel. A few people raised their hand.
They were not a majority.
Leidel is a journalism trainer at Deutsche Welle Akademie, and was one of this year’s speakers at the International Journalism Festival in Perugia. The topic of his presentation: digital safety and how to best teach it to journalists.
Security flaws and awareness
Soon after news about the Heartbleed bug broke, the Pew Research Center interviewed 1,501 people to find out their response to the reported security code flaw. Out of the polled internet users, only 64 percent had heard about the Heartbleed bug, among whom 39 percent had taken measures and either changed their passwords, or canceled their online accounts. Six percent thought their personal information was stolen.
These numbers are already a step ahead of Leidel’s question: “Did this really change anyone’s behavior?” he asked rhetorically. “Not really.”
What’s your threat?
Perhaps the first and main lesson from Leidel’s talk was that in order for journalists to preserve their online safety, they need to be proactive in defining their own threat.
“Understand what’s a threat for you,” Leidel said. “And understand where it is.”
One thing is for sure: There is no one-size-fits-all solution. The threat for each journalist is individual depending on the story they’re working on, the people they’re working with, their location.
“There are no three tools I can give you to secure your online data,” Leidel said. Digital safety is not just about the way your devices are set up; it’s a combination of threat models, tools and habits, Leidel quoted Jonathan Stray, professor at Columbia University’s Graduate School of Journalism.
Threat modeling is therefore particularly important, as it helps journalists map out potential scenarios that could jeopardize their online security.
They know where you are
Surveillance has been a buzzword in the media, especially after Edward Snowden’s revelations last June about the National Security Agency collecting phone and email records of Americans.
When it comes to online security, data from the Pew Research Center show that the polled internet users have rather mixed feelings about the safety of their personal information. While 23 percent said they perceive their online data as “very secure”, 46 percent said it’s “somewhat secure” and 26 percent said it’s either “not too secure” or “not secure at all”.
“Most of our information can be tracked,” Leidel said. “That shows that we’re transparent.” And in the time of all things digital, that may not be the most positive realization, he added.
All he needed to illustrate his point was a recent example from Ukraine. In late January, protesters and journalists in Kiev reportedly received an SMS that read: “Dear subscriber, you are registered as a participant in a mass riot.” It has been widely perceived as a warning from the government.
Don’t get yourself hacked
In Ukraine, a simple text message was used to spread what was considered to be a mass warning. Text messages, however, can play other roles in targeting journalists’ digital safety. Receiving and opening a fake link is an easy way for hackers to get access to one’s personal information.
These are also known as phishing attacks.
Although fake links can be embedded in any kind of communication, phishing attacks very often occur over email or social media channels like Twitter. And the consequences can be quite serious, including the wide spread of misinformation.
In April of last year, the Twitter account of Associated Press (AP) was hijacked by hackers, who took advantage and reportedly tweeted that there had been an attack on the White House and the President was injured. The information had an immediate, though brief, impact on Wall Street, bringing the Dow Jones average more than 120 points.
Clearly, the threat on journalists’ privacy is real. Measures should and will most likely be increasingly taken. But how?
“The measures you take need to be realistic,” Leidel said. “It doesn’t make sense to stop using Google or Facebook, [or Twitter]. In fact, it’ll make you more suspicious if suddenly you change your patterns.” The main goal is for journalists to identify their threats individually and act upon those, he once again stressed.
Closing his presentation, Leidel called up a slide with the sentence “We need more data journalism”. There was a fill-in-the-blank type of gap between “data” and “journalism”. With a click on his keyboard, he made the word “protection” drop down from the top of the screen.
“We need more data protection journalism,” he concluded.
By Mina Nacheva