1. bookVolume 2016 (2016): Issue 4 (October 2016)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Copyright
© 2020 Sciendo

Individual versus Organizational Computer Security and Privacy Concerns in Journalism

Published Online: 14 Jul 2016
Page range: 418 - 435
Received: 29 Feb 2016
Accepted: 02 Jun 2016
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Copyright
© 2020 Sciendo

A free and open press is a critical piece of the civil-society infrastructure that supports both established and emerging democracies. However, as the professional activities of reporting and publishing are increasingly conducted by digital means, computer security and privacy risks threaten free and independent journalism around the globe. Through interviews with 15 practicing journalists and 14 organizational stakeholders (supervising editors and technologists), we reveal the distinct - and sometimes conflicting-computer security concerns and priorities of different stakeholder groups within journalistic institutions, as well as unique issues in journalism compared to other types of organizations. As these concerns have not been deeply studied by those designing computer security practices or technologies that may benefit journalism, this research offers insight into some of the practical and cultural constraints that can limit the computer security and privacy practices of the journalism community as a whole. Based on these findings, we suggest paths for future research and development that can bridge these gaps through new tools and practices.

Keywords

[1] A. T. Garbett, R. Comber, P. Egglestone, M. Glancy, and P. Olivier, “Finding real people: trust and diversity in the interface between professional and citizen journalists,” in 32nd Annual ACM Conference on Human Factors in Computing Systems. ACM, 2014, pp. 3015-3024.Search in Google Scholar

[2] U.S. Supreme Court, “Risen v. United States,” SCOTUSblog, Retrieved: June 5, 2014.Search in Google Scholar

[3] A. E. Marimow, “Justice Department’s scrutiny of Fox News reporter James Rosen in leak case draws fire,” The Washington Post, May 2013. [Online]. Available: http://www.washingtonpost.com/local/justicedepartments-scrutiny-of-fox-news-reporter-james-rosenin-leak-case-draws-fire/2013/05/20/c6289eba-c162-11e2-8bd8-2788030e6b44_story.htmlSearch in Google Scholar

[4] N. Perlroth, “Hackers in China Attacked The Times for Last 4 Months,” The New York Times, January 2013. [Online]. Available: http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-timescomputers.html?pagewanted=2&_r=0Search in Google Scholar

[5] N. Perloth, “Washington Post Joins List of News Media Hacked by the Chinese,” The New York Times, February 2013. [Online]. Available: http://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-ofmedia-hacked-by-the-chinese.html?_r=0Search in Google Scholar

[6] -, “Wall Street Journal Announces That It, Too, Was Hacked by the Chinese,” The New York Times, January 2013. [Online]. Available: http://www.nytimes.com/2013/02/01/technology/wall-street-journal-reports-attackby-china-hackers.html?ref=technologySearch in Google Scholar

[7] Human Rights Watch, “With Liberty to Monitor All: How Large-Scale US Surveillance is Harming Journalism, Law, and American Democracy,” Jul. 2014, http://www.hrw.org/node/127364.Search in Google Scholar

[8] K. A. Ruane, “Journalists’ Privilege: Overview of the Law and Legislation in Recent Congresses,” 2011. [Online]. Available: http://www.fas.org/sgp/crs/secrecy/RL34193.pdfSearch in Google Scholar

[9] S. Hardy, M. Crete-Nishihata, K. Kleemola, A. Senft, B. Sonne, G. Wiseman, P. Gill, and R. J. Deibert, “Targeted threat index: Characterizing and quantifying politicallymotivated targeted malware,” in Proceedings of the 23rd USENIX Security Symposium, 2014.Search in Google Scholar

[10] W. R. Marczak, J. Scott-Railton, M. Marquis-Boire, and V. Paxson, “When governments hack opponents: A look at actors and technology,” in 23rd USENIX Security Symposium, 2014.Search in Google Scholar

[11] S. E. McGregor, P. Charters, T. Holliday, and F. Roesner, “Investigating the computer security practices and needs of journalists,” in 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, 2015.Search in Google Scholar

[12] G. Greenwald, No Place To Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. Metropolitan Books, 2014.Search in Google Scholar

[13] C. Savage and L. Kaufman, “Phone Records of Journalists Seized by U.S.” The New York Times, May 2013. [Online]. Available: http://www.nytimes.com/2013/05/14/us/phonerecords-of-journalists-of-the-associated-press-seized-byus.htmlSearch in Google Scholar

[14] S. Huntley and M. Marquis-Boire, “Tomorrow’s News is Today’s Intel: Journalists as Targets and Compromise Vectors,” BlackHat Asia, Mar. 2014, https://www.blackhat.com/docs/asia-14/materials/Huntley/BH_Asia_2014_Boire_Huntley.pdf.Search in Google Scholar

[15] Freedom of the Press Foundation, “SecureDrop (formerly known as DeadDrop, originally developed by Aaron Swartz),” 2013. [Online]. Available: https://pressfreedomfoundation.org/securedropSearch in Google Scholar

[16] K. Biscuitwala, W. Bult, T. J. P. Mathias Lecuyer, M. K. B. Ross, A. Chaintreau, C. Haseman, M. S. Lam, and S. E. Mc- Gregor, “Secure, Resilient Mobile Reporting,” in Proceedings of ACM SIGCOMM, 2013.Search in Google Scholar

[17] S. Carlo and A. Kamphuis, “Information Security for Journalists,” The Centre for Investigative Journalism, Jul. 2014. [Online]. Available: http://www.tcij.org/resources/handbooks/infosecSearch in Google Scholar

[18] S. E. McGregor, “Digital Security and Source Protection for Journalists,” Tow Center for Digital Journalism, Jul. 2014. [Online]. Available: http://towcenter.org/blog/digitalsecurity-and-source-protection-for-journalists/Search in Google Scholar

[19] M. Keys, “Google experts reveal how top organizations are in danger,” The Blot, 2014, https://www.theblot.com/googleexperts-reveal-top-organizations-danger-7717511.Search in Google Scholar

[20] A. Soltani, “12 of the top 25 news sites (incl. @washingtonpost) rely on Microsoft or Google for hosted email services,” Twitter, 2014, https://twitter.com/ashk4n/status/448105177439285248.Search in Google Scholar

[21] P. Thornton, “Outlook/Exchange vs. GMAIL,” The Journalism Iconoclast, May 2008. [Online]. Available: http://patthorntonfiles.com/blog/2008/05/26/outlookexchangevs-gmail/Search in Google Scholar

[22] N. Borisov, I. Goldberg, and E. Brewer, “Off-the-record communication, or, why not to use PGP,” in ACM Workshop on Privacy in the Electronic Society, 2004.Search in Google Scholar

[23] P. R. Zimmermann, The Official PGP User’s Guide. Cambridge, MA, USA: MIT Press, 1995.Search in Google Scholar

[24] R. Dingledine, N. Mathewson, and P. Syverson, “Tor: The second-generation onion router,” in Proceedings of the 13th USENIX Security Symposium, 2004.Search in Google Scholar

[25] N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, and M. Smith, “SoK: Secure Messaging,” in Proceedings of the IEEE Symposium on Security and Privacy, 2015.Search in Google Scholar

[26] M. Brennan, K. Metzroth, and R. Stafford, “Building Effective Internet Freedom Tools: Needfinding with the Tibetan Exile Community,” in 7th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs), 2014.Search in Google Scholar

[27] Internews Center for Innovation & Learning, “Digital Security and Journalists: A SnapShot of Awareness and Practices in Pakistan,” 2012, https://www.fes.de/themen/menschenrechtspreis/pdf/mrp2012/Internews.pdf.Search in Google Scholar

[28] J. L. Sierra, “Digital and Mobile Security for Mexican Journalists and Bloggers,” Freedom House, 2013. [Online]. Available: http://www.freedomhouse.org/report/specialreports/digital-and-mobile-security-mexican-journalists-andbloggersSearch in Google Scholar

[29] S. Gaw, E. W. Felten, and P. Fernandez-Kelly, “Secrecy, flagging, and paranoia: adoption criteria in encrypted email,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2006, pp. 591-600.Search in Google Scholar

[30] G. Norcie, J. Blythe, K. Caine, and L. J. Camp, “Why Johnny Can’t Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity Systems,” in Workshop on Usable Security (USEC), 2014.Search in Google Scholar

[31] A. Whitten and J. D. Tygar, “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0,” in Proceedings of the 8th USENIX Security Symposium, 1999.Search in Google Scholar

[32] N. Diakopoulos, M. De Choudhury, and M. Naaman, “Finding and assessing social media information sources in the context of journalism,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2012, pp. 2451-2460.Search in Google Scholar

[33] N. Taylor, D. M. Frohlich, P. Egglestone, J. Marshall, J. Rogers, A. Blum-Ross, J. Mills, M. Shorter, and P. Olivier, “Utilising insight journalism for community technology design,” in Proceedings of the 32nd ACM Conference on Human Factors in Computing Systems. ACM, 2014, pp. 2995-3004.Search in Google Scholar

[34] A. Adams and M. A. Sasse, “Users are not the enemy,” Communications of the ACM, vol. 42, no. 12, pp. 40-46, 1999.Search in Google Scholar

[35] Y.-Y. Choong and M. Theofanos, What 4,500+ People Can Tell You - Employees’ Attitudes Toward Organizational Password Policy Do Matter, ser. Lecture Notes in Computer Science. Springer International Publishing, 2015, vol. 9190, ch. 27, pp. 299-310.Search in Google Scholar

[36] K. Renaud, M. Volkamer, and A. Renkema-Padmos, “Why Doesn’t Jane Protect Her Privacy?” in Proceedings of the 2014 Privacy Enhancing Technology Symposium, 2014.Search in Google Scholar

[37] J. Corbin and A. Strauss, Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage publications, 2014.Search in Google Scholar

[38] V. Venkatesh and H. Bala, “Technology Acceptance Model 3 and a Research Agenda on Interventions,” Decision Sciences, vol. 39, no. 2, pp. 273-315, 2008.Search in Google Scholar

[39] A. Greenberg, “How the Syrian electronic army hacked us: A detailed timeline,” Forbes, February 2014. [Online]. Available: http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-adetailed-timeline/Search in Google Scholar

[40] Symantec, “Internet security threat report 2014,” 2014. [Online]. Available: http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdfSearch in Google Scholar

[41] D. D. Caputo, S. L. Pfleeger, J. D. Freeman, and M. E. Johnson, “Going spear phishing: Exploring embedded training and awareness,” Security & Privacy, IEEE, vol. 12, no. 1, pp. 28-38, 2014.Search in Google Scholar

[42] A. Das, J. Bonneau, M. Caesar, N. Borisov, and X. Wang, “The tangled web of password reuse,” in Symposium on Network and Distributed System Security (NDSS), 2014. Search in Google Scholar

[43] K. E. Caine, “Supporting privacy by preventing misclosure,” in CHI’09 Extended Abstracts on Human Factors in Computing Systems. ACM, 2009, pp. 3145-3148.Search in Google Scholar

[44] P. Kumaraguru, S. Sheng, A. Acquisti, L. F. Cranor, and J. Hong, “Teaching Johnny Not to Fall for Phish,” ACM Transactions on Internet Technology, vol. 10, no. 2, pp. 7:1-7:31, Jun. 2010.Search in Google Scholar

[45] PhishMe, http://phishme.com/.Search in Google Scholar

[46] K. Niknejad, A. Kaphle, A. A. Omran, B. Baykurt, and J. Graham, “The New Global Journalism: Foreign Correspondence in Transition,” Tow Center for Digital Journalism, Sep. 2014. [Online]. Available: http://towcenter.org/wp-content/uploads/2014/09/The-New-Global-Journalism-1.pdfSearch in Google Scholar

Plan your remote conference with Sciendo