Saturday, 2 March 2013

Whistle-Blowing In Leveson’s Wake

IT IS NOW EVIDENT that, in the wake of the Leveson Report, the British Press are going to be forced to accept further regulations designed to curtail their investigative freedoms. In particular, the police will be given the power to seize journalistic material and force journalists to disclose their sources. Despite paying lip-service to the rights of whistle-blowers to raise their concerns in the public domain, the British Government is about to remove the last vestige of protection that their anonymity can provide them.

The privileged protection of sources has long been a fundamental right, granted to the Press as a means of protecting democracy. Without it, witnesses and whistle-blowers are placed at the mercy of those whom they accuse – and all wrongdoers are comprehensively empowered.

There is every reason to believe that these draconian powers will be passed into Law, and our prison populations will again be enlarged by journalists refusing to disclose their sources – despite the establishment’s attempts to force them.

Like most journalists, a large number of my own stories have been prompted by off-the-record tip-offs that, these days, I often receive via the internet (especially when leaked documents are concerned).

If I were to attempt to quantify how much of my work revolves around email, I would estimate it to be in the region of some sixty per cent – and that figure is largely confirmed by my colleagues’ own estimates. Moreover, the fact is that all those emails, all those transcripts, photographs and stories, are stored on my laptop machine.

Now, journalists are not stupid – especially when it comes to protecting our sources – so it should come as no surprise that my laptop’s drives are encrypted to prevent anyone but myself from gaining access; but the same cannot be said of my ISP’s mail server through which I can be contacted. My ISP can read my email – as can anyone else to whom they grant permission (or who gains access to my account through hacking).

No one has any control over their ISP, and the police and security services now have far-ranging powers when it comes to intercepting anyone’s email. In particular, following an arrest, such powers are far easier to apply – and that has far-reaching implications for distant sources who are unaware that the journalist they contacted has been arrested or placed on bail. Should the source attempt to make further contact, then both individuals might be irretrievably compromised.

In the days before email, whistle-blowers could rely upon journalists and the Royal Mail to protect their information and anonymity; but those who now choose to communicate via the internet need to take steps to ensure that they do not endanger themselves, or the reporter, by communicating in a way that can be easily intercepted.

Many commercial organisations now entrust their sensitive information to VeriSign as a robust and easy solution to encrypting emails between two individuals without anyone else being able to uncover what is said; but what whistle-blowers may not know is that they can also create a free VeriSign certificate, valid for 25 days, that can be tied to any email account to provide full encryption facilities. Using that ability prevents anyone, except the intended recipient, from reading the email or its attachments – and the certificate can be ‘thrown away’ after expiry and another created to replace it if needed.

From a journalist’s viewpoint, the VeriSign certificate (costing only around $24 a year) provides a valuable means of allowing a whistle-blower to validate the email account to which their information is being sent (as well as encrypting its content so that only the certificate holder can read it). But, even more importantly, it ensures that any reply, encrypted or plain-text, can be digitally signed by the reporter to assure the informant of its validity, thereby overcoming any spoofing threat. (Any attempt to modify a signed package immediately invalidates the signature.)
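The signing behaviour described above can be checked with the openssl command line. This is an added example, not part of the original post: the self-signed certificate stands in for a CA-issued e-mail certificate, and the name, address, message text and file names are all constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: S/MIME sign, verify and tamper check with the openssl CLI.
# Key, certificate, address and message are constructed for this demo; a real
# e-mail certificate would be issued by a CA rather than self-signed.
set -u

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_identity() {
  # Self-signed certificate standing in for the reporter's e-mail certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 25 \
    -subj "/CN=Demo Reporter/emailAddress=reporter@example.org" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

sign_reply() {
  printf 'Received your documents. Use the same channel next time.\n' \
    > "$WORK/reply.txt"
  # Clear-signed (multipart/signed): the body stays readable, the signature
  # travels as a separate MIME part.
  openssl smime -sign -text -in "$WORK/reply.txt" \
    -signer "$WORK/cert.pem" -inkey "$WORK/key.pem" -out "$WORK/signed.eml"
}

verify_message() {
  # Trust is pinned to the single certificate the recipient already holds.
  if openssl smime -verify -in "$1" -CAfile "$WORK/cert.pem" \
       -out /dev/null 2>/dev/null; then
    echo valid
  else
    echo invalid
  fi
}

tamper() {
  # Simulate modification in transit: change a few words of the signed body.
  sed 's/same channel/new address/' "$WORK/signed.eml" > "$WORK/tampered.eml"
}

make_identity && sign_reply && tamper
echo "original: $(verify_message "$WORK/signed.eml")"
echo "tampered: $(verify_message "$WORK/tampered.eml")"
```

The signature only proves that the message came from the holder of the pinned certificate's private key, so the recipient still has to obtain that certificate through a channel they trust.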

Installing the certificate is painless, requiring only a valid email address, and it is hoped that other journalists reading this will adopt the strategy immediately – before Leveson becomes unfortunate fact…
