New project site up and running

The concept note site is now live at poison.kitchen.

UPDATES

A PGP key and a couple emails addresses
We’ve set up contact email addresses and PGP keys. More easy to use forms coming from these two ingredients soon, but in the meantime. Find both here.

FINGERPRINT
779D 75C4 3CEE 7ADA 9E86  1049 0334 9543 55AA 9797

On Github
It’s just a few markdown pages for now.

Follow @drew3000 Watch Star Fork Issue Download

Cooking up a Poison.Kitchen

Long ago, in the early ’00s, I made a website. It was called poisonkitchen.com, and I’ll get into why it was called that a few lines later. It was one of the first websites I ever created, while still working in newspapers as a reporter and editor. The purpose of this thing was to create a space for fellow print reporters to dish information about work and life at their news organisations, in an age when newspapers were declining in revenue and quality far before the internet was perceived a serious threat.

I never kept a local copy of it, because that seemed kind of pointless. Here’s a Time Machine capture of it in it’s earlier days as a a static html page site. Later on, I remade the site adding a blog made with pMachine (The internet archive doesn’t display that unique code too well), and some php forum script. The forum was the main point; It was picking up where a previous site, called News Mait, had left off when it closed. The site had its regulars, but over time, as many single-purpose niche sites run by one person in their spare time go, it’s useful its useful lifespan was limited. Other sites better at handling the topic of toxic newsroom working environments moved in. I let it the site go. Closed it, and transferred the domain to someone who said he was going to “do something” with it. He never did.

testycopyeditors.org was just one site that did a similar thing, but more entertainingly.

The domain is still owned, but pointing to nothing. It’s booked and locked for some reason, but hasn’t actually ever been used in more than 12 years(!). I’m not entirely sure what the owner is hoping to achieve, though a movie option could be one possibility. Anyway, that’s not a huge deal or the point of this post. I digress… often. Recent events reminded me about the domain name, though. I was in Berlin the other week and the news was all about U.S. President Trump’s latest attacks against the press. An independent press is under attack by the executive branch of the U.S. government. More so than in any other time in recent history.

So, what’s with the slightly creepy sounding domain, then? My choice of the domain all those years ago was based on the pejorative that Hitler had dubbed the Münchener Post (Munich Post), an adversarial newspaper that critiqued each of Adolf’s speeches and investigated his every political move up until and including the day before the SS were sent to close the paper and arrest it’s staff. The editor’s last instruction to his staff upon publishing the final addition, allegedly, had simple been, “run.”

The Nazi regime had dubbed the Munich Post ‘fake news’, and tried various means to block the paper’s journalists from covering politics. Ultimately, once power had been concentrated, it was banned, published anyway, and arrest warrants were issued against many members of the staff.

This may not sound like an entirely uplifting story arc, but I found the narrative inspiring. I had come by this piece of great journalistic history while reading a chapter about it in Explaining Hitler by Ron Rosenbaum, long before I’d thought of starting a website called ‘Poison Kitchen.’ But once I read it, I decided it would make a great sounding website of some sort.

The point of naming the site poisonkitchen.com was that people went into journalism for aspirational reasons that seldom ended up matching the reality. Newspapers didn’t push hard enough in the lead up to the election in 2000, and this was what had led (at that time) to President George Bush winning a demonstratively flawed vote. He didn’t have much use for an investigative press, either.

The situation today seems to once more tick all the right boxes, only more so: We now have a deranged, conspiracy obsessed, authoritarian president in the U.S. who targets segments of the population with hateful rhetoric, attacks the press, tries to enact draconian laws against immigrants, employs vast propaganda to pursue his goals, and doesn’t seem to like an independent judiciary, either. He also took office with a minority vote and seems to not like being reminded of that. He may have tiny hands, an orange complexion and cartoony hair, but  to be honest, these aspects are the least of our worries.

A forum isn’t going to cut it. But I spent last week getting some interesting notions at the Internet Freedom Festival on what just might. The media landscape has changed, the web as changed, and I’m in a different place, too. As a technologist who now works with journalists on issues of secure hosting, web applications and digital safety, I think I have use for a Poison Kitchen domain again. I can’t have that .com, but that’s okay, because domains have changed, too. So, there’s poison.kitchen.

Don’t rush over there now, there’s not much to see. Here in my mini-launch manifesto, I’m just going to lay out some concepts that the domain’s eventually arriving website will  be exploring.

Premise

There are two parts to this. The first deals with the safety and confidence of the potential whistle blower, or anonymous source of the information. The second has to do with how well that information is used in coverage.

  1. Not everyone wants to be famous/notorious. Not everyone who would share newsworthy but highly sensitive information wants to be an Edward Snowden and allow this one act be what defines them. Chelsea Manning didn’t want to. From Jeremy Hammond to Mordechai Vanunu, we’ve seen examples through history where people paid a high price to make the world more aware. Mathematically speaking, if those people exist, then there are likely many others who have access to information they would release to a journalist, but would rather not give up their family, friends, income and entire way of life in the process. That should be possible.
  2. Sensitive information in talented hands has more impact. Snowden’s NSA files leak were more useful because they went through talented investigative journalists, first. The Panama Papers leaks became more impactful because of how the story was handled by ICIJ. How much better and more accurate would the coverage of the CIA ‘hacking tools’ leak be, had it been released first to knowledgeable technology journalists? Helping sources self select the right journalistic contacts should be posible.

Ideas/notions

These are some ideas based around the two items mentioned above.

  1. Build source confidence in methods and tools and the journalists they reach out to.
    Encryption tools and technology overall have taken a bashing over the last few years. It’s time to bash back. Yes, there are suitable, and safe ways to transmit a piece of information with reasonable expectation of both privacy and anonymity. No, it’s not single-app, one-click, or “It Just Works“™ easy. Outside of that, a source needs reasonable confidence that the journalist will treat what they share carefully, which many journalists may want to do, but may not know what it involves.
  2. Combine all the known resources, guides, templates and risk assessment tools to enable sources to contact specific journalists of their choice more securely.
    As the story that’s now in both myth and legend goes: Edward Snowden needed to work at it for more than a year to get Glenn Greewald to spend an hour setting up encryption keys for an email address. There are now guides, tools and how-to things all over the web on setting this up, but it’s really just one way of reaching out to a journalist, or being a journalist who wants to hear from a source, and it may not be your way, or the correct way for your situation. This is aimed at sources to be able to confidently reach journalists and transmit information.
  3. Implement secure contact pathways of communication for independent/freelance journalists and their sources.
    The New York Times, Guardian and other large news organisations have the facility to manage in house highly secure systems, such as Secure Drop. Investigative, freelance or independent journalists may not have these resources, but they do often have specific areas of deep knowledge, and can sometimes be better placed to receive confidential information on a topic that is their primary focus. Over the longer haul, The site’s goal would to take advantage of existing secure contact methods to create a gateway between sources desiring higher levels of off-record care and attention, with qualified journalists of their choice who agree to an ethical framework for dealing with confidential source material.

UPDATES

So there’s the concept note. Interested parties are welcome to drop a line. Watch this space.

There’s a Github Repo to track.

Digital risk assessments and threat modelling for journos

This is where I’ll be tomorrow, Wednesday the 20th of May, at 1 pm GMT, with Tactical Tech‘s Daniel Ó Clunaigh.

Digital security for journalists has become much more of a mainstream topic in the last couple of years. But while it’s becoming more commonplace to acknowledge the potential threats, knowing how to start addressing them can be a daunting task. In this Digital Security Surgery for Freelancers I’ll talk with Daniel on how to identify and deal with digital threats. Here’s a blog I wrote about what’s on. You can post your questions there in the comments area, use the #RPThangout hashtag, or add them to the Hangout page itself.

This is the start of RPT’s Digital Security Surgeries, where the plan is to bring in different specialists to talk directly to freelance journalists about how they can actively take more control of their exposure to digital safety threats.

Fractures in the rebel alliance

It’s been an on-it week, so to speak, with regards to an oft returned to topic on the ol’e  blog. Friday through Sunday I was camped out at the Barbican Centre here in London for The Logan Symposium, organised by The Centre for Investigative Journalism with the subtitle/action point:  “Building an Alliance Against Secrecy Surveillance and Censorship.”

This would be a marvellous achievement, and really it is something that seems to be emerging to some extent, in part thanks to summits such as this one taking place last weekend. Still, there’s trouble on the line. Our alliance is a fractious one, riven with in-fighting, ego, varying degrees of technological literacy, paranoia, defeatism and the occasional bizarre leap in logic. Meanwhile, it’s benefited by driven people bringing in diverse talents like programming, design, psychology, education, activism, counter-intelligence, research, massage therapy and whatever anyone’s got to offer.

Attendees of  #LoganCIJ14 received a limited edition copy of this TCIJ guide. It's also online. (Photo by Silkie Carlo via twiter)
Attendees of #LoganCIJ14 received a limited edition copy of this TCIJ guide. It’s also online. (Photo by Silkie Carlo via twiter)

This blog isn’t going to be a blow-by-blow of the  whole programme. Get that here and here.  For notes, quotes and quips from the Logan Symposium, check out Oliver Smith’s post or the Online Journalism Blog post. The Guardian’s Live blog offers several sometimes heated turns of the screw, including some sucker punches aimed at itself.

First, this post is about why people fight for the issue. Second, it’s about why people fighting for the issue are fighting one another. We’ve got a trio of re-occurring examples to take a look at on that count. But do visit the Logan Symposium site. Look up the talks and the talkers. All of them are amazing, inspiring and worth following.

Why be concerned about data and its misuses? Why should you, likely with “nothing to hide” give a shit? I’ve got nothing to hide as well, so I’ll take a stab at it:

For now, put aside the twin beasties of the NSA and GCHQ. We worry about spooks not just for what they represent to society, but because of who they report to. Some points:

1) Overall:  Laws are shifting globally with a trend away from democracy, civil liberties and human rights. Freedom House’s annual “Freedom on the Net” survey “finds internet freedom around the world in decline for the fourth consecutive year” (and still gives the U.S. too high a ranking). That’s on par with it’s overarching “Freedom in the World” survey, finding for the eighth consecutive year “more declines in democracy worldwide than gains.” Too much democracy. Gotcha. Enough of that.

gchq-does-not2) Little Britain: The UK is protesting interference from Europe, mostly around laws that protect British citizens.  What amazes me about UKiP leaning voters is that they seem to want the UK to have the right to treat them more miserably.  And it’s working in the name of fighting the immigrants, or terrorists, which seem to be mentioned fairly interchangeably. So less freedom. People are voting to give it up.

The British government’s Section 7 of the Terrorism Act 2000 makes it particularly risky to be an investigative journalist here. And even if that one doesn’t apply, you may still end up on British police list of “Domestic Extremists” for simply acting like a journalist.

3) That place of the Arab Spring: Egypt, United Arab Emirates, Yemen and several other countries in the region are taking stronger stances against large sections of their own populations. This news is often reported in Western media with a shrug and a wink, so let’s be sure to notice that our special friend and “only democracy” Israel is on trend, working on changing its laws to be strictly identified as a Jewish Nation State. If you’re a Druze or a Palestinian Muslim or Christian, you’re country’s about to be a little less about you than it already was. What will that mean after the next election?

4) The empire: The U.S. continues the long wake-up to a nightmare, in which it realises how little the government is accountable to its citizens. The NSA is spying on you, but the CIA is physically torturing folks. Neither of them are actually stopping physical threats to the population, but remember, the NSA is telling the CIA where you are through your Whatsapp and your Uber. Maybe under old rules you weren’t a person of interest, but under new rules you could be.

Jeremy Scahill: "Specific individuals are being targeted, even though the United States doesn't know their identities."
Jeremy Scahill: “Specific individuals are being targeted, even though the United States doesn’t know their identities.”

The point is, even if you’ve somehow lucked into a happy land of equality and freedom (Hello, Icelandic reader), governments change, laws change, and yet everything you’ve done in the past that’s been recorded and categorised will remain fixed but subject to reinterpretation.

Jacob Appelbaum noted in his talk via video not using Skype that people equate privacy with liberty and free speech, and yet they’ll also be the first to admit that privacy is dead. Privacy is liberty: It’s the ability to choose who you speak with. Free speech includes being able to control who you want to listen to what you’re saying.

So things are complex, and people on the same side of the fence squabble about whether you should use Skype or not when talking to your sources on that news story, or whether having an encrypted email paints a big target on your back, or if you even need to worry about the Western big bads when you have more pressing local issues. Let’s take a look at some of the conflicts and sort them out.

Myth 1: Skype is easy to use and you’ll blend into the noise
First off: millions of people use Skype. I use Skype on a couple of machines. Skype has its uses. Most of those uses exist because people are asking to talk to you using Skype. It’s free and quick. But I’d never use Skype with a source on a news story, to conduct a meeting on direct action strategy, or to talk with or about someone targeted by this or that regime or various colourful non-state actors.

I maintain a wall on contacts I don’t want imported into Skype, use different Skype accounts, and use different operating systems without Skype for work I don’t want effected by Skype. That Skype is both quick and free makes it not easy. Actually, Skype is quite complex to use. It requires a whole risk assessment.

Skype's report card from EFF.
Skype’s report card from EFF.

At a Logan Symposium session on Friday,  Ross Anderson suggested that Skype could be better than using PGP to talk to sensitive sources. His argument in summary: You can both create a fake user name account to hide your identity and you’re one-off communication will blend into the noise of millions of Skype users. If you use PGP or security-specific tools, you may stand out, he said. A lot of people left that session repeating what Anderson had said on the topic, there and on Twitter. For the next two days, every time Appelbaum chimed in about anything, he made sure to include a mention of why he thought this was patently not true.

Both individuals are far more knowledgeable and intelligent on the topic than I am, and I still use Skype… sparingly. And that’s what makes it complicated, because Skype wants you to use it all the time.It’s designed to get you to use it all the time, and it’s technically insecure.

The way your unique data is collected is what makes you actually stand out of the crowd so long as your chats or contacts trigger any number of “selectors” that are being looked for. You can easily stand out based on your identity, where you’re communicating from or to, who you’re talking to, the kind and size of files you’re sharing, time stamps, IP addresses, the technology you’re using, and on and on.

Skype is not so easy to use if you apply it to any reasonable threat model around working in journalism, human rights, activism, or anything that is or could some day be of interest to authorities. Here’s a possible use: Agree to meet on Skype voice to instruct someone how to use a stronger tool for communication in the event you can’t meet in person. Use another more secure other tool for your text chats and file exchanges, or simply switch to more secure things like Ostel or Jitsi for privacy, and something like Cryptocat or the like for anonymity.

Using these more secure, open source peer-reviewed programs will simplify your life. You won’t “stand out” any more than you already do with Skype, really, and if you are selected you may be thankful that there’s less of a chance that a searchable record of what you were talking about or to whom remains available.

Share files through volatile means like onionshare or filetea. Mixing your channels of communications adds strength and these are easy, no password, disposable methods of communication with encryption and deniability. You’re source will be safer than they would be on Skype.

signal-redphone-eff

But this shouldn’t be about one app. It’s not whether Skype is safe, because you don’t want to repeat this process with every shiny new piece of tech that comes along. It’s about application’s functional and technical structure, the business model of the company that makes it and how it views its users. If you look at it this way, you’re answer about whether you should use Skype will be the same with regards to whether you should use Viber, but possibly different from whether you should use something like Signal or Red Phone.

Myth 2: Using encryption is difficult
This was uttered in a few corners around the Symposium, both on and off stage. Digression: Long ago, back in 1992, there was a media controversy about  a talking Barbie doll. One of its many pearls of wisdom was “math class is tough.” That’s a curious thing to say on the topic, instead of maybe: “maths class is fascinating,” or “prime numbers are what is left when you have taken all the patterns away. I think prime numbers are like life. They are very logical but you could never work out the rules, even if you spent all your time thinking about them.” (Okay, that’s Mark Haddon)

Relating the digression: Whenever someone sloughs off encryption as “too difficult” at one of these events, I uncontrollably see Barbie’s plastic head on their shoulders for a few seconds. Generally they’ll move on to say something smart and it goes away.

Feminist hacker Barbie in action.
Feminist hacker Barbie in action.

When you dismiss encryption as too difficult, you’re taking a person’s power away. You’re robbing them of the opportunity to see for themselves whether a potentially useful skill is actually too tough for them to pick up. In most cases, I’d argue it’s not, and you’re being a part of the problem. Encryption is complex, but that’s not the same as being difficult to use.

Sure, bashing out your own cipher or hashing algorithm from scratch that will stand up to AES requirements is a tall order. But that’s not what we’re talking about. And unless, you’ve got a special fetish for it, you don’t need to fire up the Unix terminal to secure your files, folders or emails. There’s software that makes it much easier. There’s Thunderbird+Enigmail. There’s GPGtools. There’s GPG4Win. There’s Portable PGP. There’s fucking Mailvelope.

And there are even quicker chat programs to use that don’t require messing about with the actual encryption keys at all, for complete off-the-record, forward security conversations.

Yes, there’s a learning curve to get over. There was also a learning curve to drive a car, swim, pick up a new language, spell words in your own language, mix a decent Tom Collins, and etc. There are habits and behaviours to pick up, and ways to suss out if you’re choosing the best app for the job. But that starts with curiosity and interest. You’re squishing the life out of those when you say “it’s too difficult.”

There’s enough senseless fear mongering about technology as it is, without adding to it with more nonsense.  Properly used, strong encryption works. Learning how to use it can be done in a relatively short time. A complete understanding of the math and theories underneath is like diving into prime numbers: Possibly interesting, but unending and not required.

Myth 3: You live in a liberal democracy, so you can relax
People in various sessions and side discussions were right to point out that there are more threats than the Big Bads in the U.S. and UK. There’s China, there’s Russia, there are Mexican cartels and Islamic terrorists. There are financially driven criminals, moneyed despots, corporations and so on. Some argued that because we’re where we are, we have less to worry about than others. This is dangerously inaccurate.

The NSA paid Sweden Denmark Spain to set listening Spy stations. (photo from the Logan Symposium by Ian Puddick)
The NSA paid Sweden Denmark Spain to set listening Spy stations. (photo from the Logan Symposium by Ian Puddick)

Your data moves along servers and through networks sitting under multiple jurisdictions around the globe. Some of these networks are weaker than others. Some of these governments are more invasive than others. It’s what Maria Xynou, a researcher at Tactical Tech dubbed, “The False Dichotomy of Better and Worse Spies.”

It goes like this: Some people may look at the U.S. and China on the Freedom House site (for example) and decide, “I’d rather be spied on by the Americans…than, say, the Chinese” (Maria’s example).  Thinking this way could put you or those you’re trading information with at risk. Maria writes: “intelligence agencies around the world collaborate and routinely share intelligence data. In some cases, such intelligence sharing has had major consequences and has resulted in extrajudicial killings. In these cases, the collectors of the data, the spies, have not been held accountable for collecting, aggregating and sharing this data.”

Thinking in terms of national identity makes things more complicated. You need to learn multiple legal systems and several other things, and sometimes guess which will apply to you. Thinking in terms of cross-border networks makes life easier: How many other parties (the quantity and variety of which you have no control over) do you want seeing what you’re talking about? Encrypt it.

One of Seymour’s soundbytes from the Logan Symposium, smacked on top of a Marjorie Lipan photo.
One of Seymour’s soundbytes from the Logan Symposium, smacked on top of a Marjorie Lipan photo.

Glenn Greenwald Keynote on 30c3

I’ve been able to listen to two livestream Glenn Greenwald addresses. At the Frontline Club awards, he was a little rough on fellow journalists and, more so, the news outlets who employ them. Above, today in Hamburg, Glenn Greenwald’s keynote address to hackers at the 30th Chaos Communications Congres (30c3) alternated between inspiring and a big group hug. The audio gets a bit sketchy, but it’s worth struggling through. He’s very gracious about his debt to the experts who have kept his work secure, and he’s got a lot of good advice on making things better for people who do the kind of work he does.

A freelancer’s mobile protection workshop

 Rory Peck Trust brought a group of freelancers together with Guardian Project people for a chat on mobile phone security in the field. This is the Trust’s first Google Hangout. The video is below. I gabbed more about it here, already.

The Guardian Project and Rory Peck Trust

Freelance journalists’ most handy tool is often their mobile. Unfortunately, it’s also the leading way for the people, governments or organisations they’re covering to track journalists, identify their sources and uncover their scoops.

 

 

The #safetystream tubes

The other day I worked with Rory Peck Trust, Frontline Club and the Frontline Freelance Register on a series of live talks around safety while reporting in conflict zones. The chat continued for a while on Twitter (see below) and there’s another chance to catch more about digital security next week with FFR and the Helen Gurley Brown Institute.

See more at my other blog post.


The Skype security conversation is interesting, and worth having. I ranted more about it over here.