Freedom of the Press

Photojournalist John Harrington was assaulted, including being hit in the head with a fire extinguisher, while covering the Capitol riots on Jan. 6, 2021. The U.S. Press Freedom Tracker documented at least 16 journalists assaulted that day.

Just six days into January 2021, journalists documenting the Capitol riots were assaulted and tens of thousands of dollars of media equipment damaged. In April, a journalist went on trial after her arrest while reporting from a Black Lives Matter protest the year before. By the time the year closed, one of the most venerated news institutions was under a publishing gag-order.

While we did not see the scope of national social-justice protests of 2020—a year in which journalists were arrested or assaulted on average more than once a day—2021 still outpaced the years before it for press-freedom violations. We systematically capture this data in the US Press Freedom Tracker, where Freedom of the Press Foundation, in partnership with the Committee to Protect Journalists and other press freedom groups, has documented aggressions against journalists in the United States since 2017.

It’s tempting to compare 2021 against 2020—when assaults and arrests of journalists hit an all-time high—and conclude, because fewer journalists were arrested and fewer were hit with crowd-control munitions, that the state of press freedom in the US can be ignored. That conclusion would be wrong.

In fact, if you remove 2020 from the equation, the amount of press-freedom violations documented in 2021 outpaces the years before it across several categories:

• More than 140 assaults of journalists in 2021 captured in our “Physical Attack” category outpaces assaults from 2017 to 2019 combined;
• The number of journalists reporting equipment damaged outpaces the same reports from 2017 to 2019 combined; and
• The 59 arrests or detainments documented by the Tracker nearly equals the arrests and detainments documented from 2017 to 2019 combined.

In 2021, we documented 142 assaults of journalists. For the second consecutive year, the majority of those assaults came during protests: 95 percent in 2020 and 77 percent in 2021.

The year began with a protest that became a riot, as the US Capitol was stormed by a mob attempting to stop certification of election results. The Tracker documented at least 16 journalists assaulted in Washington, DC, while covering those events, many of whom were targeted.

For the second year in a row, the response to federal and local mandates around COVID-19 also factored into physical attacks of journalists. From anti-lockdown to anti-vaccine protests, coronavirus-related assaults increased from four (and much harassment) in 2020 to 14 in 2021.

Read: For visual journalists, harassment now comes from all sides

In 2020, an unprecedented 142 arrests and detainments of journalists occurred, a nearly 1500-percent increase over the nine documented in 2019. In 2021, that number was 59, with nearly half arrested or detained in kettles, a tactic used to hem in large crowds, often before mass arrests.

The last arrests of the calendar year came on Christmas Day, when two Asheville Blade reporters were arrested while covering the eviction of a homeless encampment in North Carolina. Both face charges of trespassing, with hearings scheduled for March, and one of the reporters, Matilda Bliss, had her phone confiscated during her arrest.

Read: More than 50 journalists arrested or detained while on the job in the U.S in 2021

Subpoenas, the Espionage Act and a Prior Restraint

Other Tracker categories—we monitor nearly a dozen—deserve closer looks as well.

For the first time in five years of documentation, the number of publicly-known subpoenas or other legal orders has decreased rather than increased. Of course, it’s not unusual to find out about subpoenas much after the fact: In 2021, we published details about just more than 50 subpoenas requesting reporting material or journalistic testimony. Fewer than half of those were for subpoenas issued in 2021.

For example, the US Department of Justice informed The New York Times on June 2, 2021, that the agency secretly obtained phone records of four of the newspaper’s reporters more than a year before, during the Trump administration in 2020.

That administration also attempted to obtain the four reporters’ email records in January 2021, an effort that continued for a time under the Biden administration. On June 5, the DOJ announced that it would no longer seize journalists’ records during leak investigations.

In December, freelance journalist Amy Harris sued the US House Select Committee to Investigate the January 6th Attack on the United States Capitol after it subpoenaed telecom operator Verizon for her phone records. Of the more than 20 subpoenas captured in 2021, Harris’ is among the eight still pending.

The Trump administration, together with the CIA, also reportedly plotted to kidnap—and possibly even assassinate—WikiLeaks founder Julian Assange, who has been held in a London jail since 2019, Yahoo! News reported in September. In October, more than two-dozen major civil liberties and human rights groups groups, including FPF, sent a letter to Attorney General Merrick Garland demanding that the DOJ drop its prosecution of Assange, underscoring “that the criminal case against him poses a grave threat to press freedom both in the United States and abroad.” To date, Biden’s DOJ has continued the Trump administration’s case against Assange, and in December, an appeals court in the United Kingdom said it would allow the US to proceed in extraditing him.

And while we only documented one prior restraint for all of 2021, even one is noteworthy. On November 11, a New York state court ordered the New York Times not to publish information around the group Project Veritas, the first prior restraint for the newspaper since the Pentagon Papers case 50 years ago. That prior restraint, which was struck down by the Supreme Court in a landmark decision in 1971, only lasted 15 days. As of this writing, this latest prior restraint remains in place, confounding press-freedom groups.

Kirstin McCudden is the vice president of editorial for Freedom of the Press Foundation and managing editor of the US Press Freedom Tracker. She writes the Tracker’s monthly newsletter, which first published much of this analysis. Subscribe to it here.

At the end of 2016, Freedom of the Press Foundation launched Secure The News to track and grade HTTPS adoption by news organizations, with the goal of motivating more news organizations to offer this critical security and privacy feature to their readers. Today, five years later, we’re happy to say that this goal has been largely achieved, and we are retiring the project while archiving and preserving its historical data.

HTTPS is a foundational building block of the secure web. It’s the protocol that ensures the connection between a reader and a website is encrypted such that information about their activity — articles they’re reading, quizzes they’re taking and more — is safe from prying eyes. HTTPS protects web users from eavesdroppers, be they criminals sniffing packets on public Wi-Fi or governments with access to raw traffic logs.

When Secure The News launched in 2016, HTTPS had been increasingly adopted by tech giants and e-commerce sites, but only 53% of the news sites we were tracking supported HTTPS at all — and only 13% made it the default way for readers to connect. As Wired reported on the project at its launch: “For now, it's a grim report card: 75 of the 104 sites received a D or F, and only 4 received an A for their encryption efforts.”

Wired continued:

The goal of that harsh grading, says FPF engineer Garrett Robinson, is to pressure the majority of news sites that haven't considered implementing encryption to add it, and to incentivize those who do use it to make security tweaks that won't ever be visible to most visitors. "We're trying to promote the adoption of best practices for digital security by news organizations with the intention of protecting the security and privacy of their readers, their sources, and their employees," says Robinson. "This ought to be the standard for the web and for the news industry."

Almost immediately, after journalists saw their employer was getting a ‘D’ or ‘F’ score on Secure The News, things began to change. Many news outlets, including the New York Times, started citing Secure The News in their announcements about switching their sites to HTTPS.

We thought some sites would be miffed at us for all the low grades, but the opposite was true: IT staff at major outlets would email us thanking us because they were able to use the Secure The News scoreboard to convince their bosses they needed to make the switch. In the most notable example, a sysadmin at a large news outlet emailed us to point out an error: his outlet’s Secure The News score was actually too high. He wanted to make sure his outlet was getting a failing grade, so he could then show his bosses they needed to invest in HTTPS.

As of our final scans this month, 99% of the 135 news sites in our database supported HTTPS and 98% of them made it the default way for readers to connect. There are, of course, many reasons why so many news websites are now encrypted by default, and Secure The News was only one factor. It is thanks to a massive combined effort of news organizations and the larger open web community, but the results are clear: a huge privacy and security win for news readers.

Percentage of sites passing Secure The News criteria over time: A site is considered passing if it passes a test more often than it fails in a given month. Code

We also tracked more detailed security measures. Fifty percent of news sites have added the HTTP Strict Transport Security header, or HSTS, that instructs modern browsers to only connect using HTTPS. In 2020 we also added tracking of news websites that had an “Onion service,” a technology that allows users to access websites with a high degree of anonymity using Tor. While the number of news sites providing Onion services remains small — it grew from 3% to 4% over the course of our tracking — we hope to see this number continue to rise as news organizations take more measures to protect their readers.

This project has officially sunset, but you can view a copy of it through the Internet Archive. We’re also making available the results of every scan we’ve run since the project launched as a bundle of JSON files: Download the data archive.

We continue to fight for privacy, security, and press freedom through SecureDrop, The U.S. Press Freedom Tracker, digital security trainings and resources for journalists and organizations, and more. If you have ideas for ways you'd like to see Freedom of the Press Foundation advocate privacy and security in the news in the future, please let us know!

More than 60 journalists have sued police after arrests or assaults at protests, according to new analysis from the U.S. Press Freedom Tracker. That total amounts to 82% of the lawsuits filed by journalist or media outlet plaintiffs against public officials. More than two-thirds of these suits — some 76% — were filed following aggression at Black Lives Matter protests in the past 18 months.

When a journalist sues to enforce their First Amendment rights, it can kick off a long and expensive legal process with no guarantee of accountability. In some cases, public agencies will settle early in the process — usually with a monetary agreement — and offer concrete changes to police policies or procedures as part of the settlement. Other lawsuits can languish for years or be dismissed altogether.

The new analysis goes into detail on those settlements, as well as the approximately 29 press freedom lawsuits that remain pending. That litigation is in courts all over the country, and represents journalist suits brought in Los Angeles, Minneapolis, New York City, Portland and elsewhere.

Read the full report on journalist litigation at the U.S. Press Freedom Tracker.

New reporting into a government operation codenamed "Operation Whistle Pig" describes a shocking level of invasion into the personal and private lives of journalists. In blockbuster reporting, Yahoo News describes the actions of the Counter Network Division, a secretive unit of U.S. Customs and Border Protection that works with law enforcement and the intelligence community.

The reporting focuses on the story of Ali Watkins, a journalist whose phone and email records were seized by the government under the Trump administration, but outlines invasive CBP investigations — which involved rifling through confidential government databases — into as many as 20 journalists. Those investigations led to referrals for criminal prosecution of at least three CBP employees, but no charges were ultimately filed. Yahoo News reportedly obtained a copy of the Department of Homeland Security inspector general report describing this misconduct and the referrals.

Three main takeaways from this story:

• Surveillance of journalists is, at least on paper, tightly circumscribed by the Department of Justice media guidelines, which were recently rewritten in light of embarrassing disclosures this year of improper investigations into journalists during the Trump administration. At the very least, these news media guidelines should be adopted by all other federal agencies. The Yahoo News story quotes law professor Geoffrey Stone on this point: "If there is no law or policy that specifically regulates it, then there’s nothing that prohibits it."
  
  
• That’s only a start. As we've consistently argued (and as Attorney General Merrick Garland said when signing the rewritten media guidelines into effect), these policies must be codified by proper legislation. Congress should pass legislation such as the PRESS Act, which would enshrine these strong protections into law — where they will carry greater weight and cannot be changed by a future administration's memo.
  
  
• In this case in particular, DHS must turn over to Congress its inspector general report on this operation for appropriate oversight, as called for by Sen. Ron Wyden.

Congress should conduct a thorough investigation into Operation Whistle Pig and the DHS and CBP role in leak investigations generally. Journalists should be able to do their job without the fear of shadowy government employees searching through their private financial or travel records.

A UK appeals court has allowed the United States to proceed in its extradition of Wikileaks publisher Julian Assange, overturning an earlier ruling that denied prosecutorial efforts based on the inhumane conditions of the American prison system.

The US Justice Department under Donald Trump specifically charged the Wikileaks publisher under the Espionage Act and the Computer Fraud and Abuse Act, largely for actions rightfully recognized as protected news gathering practices.

The Biden administration has continued the case, despite the near-universal condemnation from the civil liberties, human rights, and journalistic communities; Freedom of the Press Foundation has joined ACLU, Human Rights Watch, Amnesty International, Committee to Protect Journalists, and a coalition of more than two dozen organizations to repeatedly urge President Biden’s Department of Justice to drop its prosecution.

Today’s ruling is an alarming setback for press freedom in the United States and around the world, and represents a notable escalation in the use of the Espionage Act in the “War on Whistleblowers” that has expanded through the past several presidential administrations.

The following statement can be attributed to Trevor Timm, executive director of the Freedom of the Press Foundation and an expert witness for the defense at the trial level:

These proceedings, and today's ruling, are a black mark on the history of press freedom. That United States prosecutors continued to push for this outcome is a betrayal of the journalistic principles the Biden administration has taken credit for celebrating. As brave whistleblowers have explained for decades, this kind of abuse of the Espionage Act against sources — and now journalists and publishers — is an embarrassment to basic ideals of justice and to core First Amendment values.

We now await any possible appeal, or extradition and United States trial.

Freedom of the Press Foundation continues to urge the Department of Justice to terminate its pursuit of this prosecution, and to commit to not using the Espionage Act against journalists and their sources in other prosecutions. We urge Congress, too, to reform the Espionage Act so it can no longer be abused in this manner.

The 56 journalists arrested or detained in the United States in 2021 approaches the combined totals of 2017, 2018, and 2019 — an alarming indicator of the state of press freedom, according to a new report released by the U.S. Press Freedom Tracker. After the unprecedented pace of arrests in 2020, some may have hoped for a “return to normalcy.” But as this new report shows, the press environment in the United States is still reeling.

The Tracker comprehensively documents press freedom violations in the United States, capturing arrests or detainments of journalists throughout the year — including four in the first week alone. Per today's report, some 86% of those arrests or detainments occurred during protests.

The report also includes a section on continuing legal charges for arrested journalists. According to the Tracker, seven journalists currently face charges stemming from arrests while reporting, including five from 2020 and two from 2021.

Read the report in full at the U.S. Press Freedom Tracker.

A New York judge today ruled that an earlier prior restraint against the New York Times should not be lifted, but instead extended until at least December 1. Freedom of the Press Foundation joined fifty news media organizations in signing an amicus brief urging the court to dissolve its previous order.

The following statement can be attributed to Freedom of the Press Foundation Advocacy Director Parker Higgins:

Today's decision to allow this prior restraint of New York Times publishing to continue — and to restrict the paper's reporters from engaging in common news gathering activities besides — is a shameful development. It is a cornerstone of the law in this country that any prior restraint, even a very temporary one, is constitutionally permissible only in the most extreme scenarios. As the Times noted in its briefing on the issue, the result has been that such an order has not been entered against it since the Pentagon Papers case some 50 years ago.

While it's not totally unheard of for a court to inadvertently cross that line, it's rare and troubling to see a judge double down on that mistake even as legal experts have shone a spotlight on the case.

A trial court judge has ordered The New York Times to stop disseminating information related to Project Veritas, in a shocking act of both prior restraint and restriction on protected newsgathering activities. Dean Baquet, executive editor of the Times, cited the Pentagon Papers case in calling the ruling "unconstitutional" and noting that it "sets a dangerous precedent." We agree.

Although an attorney for Project Veritas has claimed it is not a prior restraint, it is that and more. Incredibly, it also appears to call for the removal of existing stories, and to restrict the Times from acquiring related material — in other words, from basic reporting.

It is ironic and hypocritical that the group that requested this extraordinary measure is Project Veritas, a group that is currently in the center of a second press freedom firestorm. Earlier this month, FBI agents raided the homes of its founder James O'Keefe and two of his associates, apparently in connection with an investigation into a diary written by President Biden's daughter Ashley.

As we wrote this week, the press freedom implications of that raid, in the absence of evidence that O'Keefe or Veritas are directly connected to the theft, are profound. The First Amendment and laws such as the Privacy Protection Act limit the government's reach into activities that could be construed as journalistic. Importantly, they apply broadly, not just to a special class of designated journalists.

But that does not remotely excuse them for pursuing a blatantly unconstitutional prior restraint, effectively censoring the Times from reporting on them. And the judge should know better. Issuing such a gag order is a fundamental violation of the First Amendment. Even if the underlying materials were misappropriated or somehow unlawfully obtained by an outside source, the right to report on those materials, and to publish that reporting, is a cherished and long-established cornerstone of press freedom in this country. Indeed, in the Pentagon Papers case itself the paper was reporting on materials that had clearly not been lawfully obtained by their source.

As our colleagues at Reporters Committee for Freedom of the Press have noted, not since that case has such a broad prior restraint order been entered against the New York Times. Now, as then, such a demand offends the most basic principles of press freedom in this country.

The FBI raided the homes of Project Veritas founder James O’Keefe and two of his associates earlier this month, in connection with an investigation into a diary reported to be stolen from President Biden’s daughter Ashley. Excerpts from the diary were published by another outlet — to little notice — in the run-up to last November’s election.

Based on the available information, this raid is a troubling development for press freedom. That the potential story was not a blockbuster public interest investigation, and that O’Keefe and Project Veritas have a long history of deception and manipulation, do not change that fact.

For good reason, neither the First Amendment nor the Privacy Protection Act — the little known but vital law that sets a very high bar for searches and seizures in cases that may touch on press freedom — create a special class of journalists entitled to rights beyond ordinary citizens. Instead, everyone is very broadly understood to have the legal right to engage in acts of journalism. (The PPA, in fact, doesn’t explicitly mention or define “journalists” at all: the law protects “work products” of any “person reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication”.)

The benefits of this approach are that the government cannot deny the protection of law to political adversaries; or those who would publish embarrassing or challenging facts about people or institutions in power; or jail a part-time independent journalist for engaging in acts that journalists at The New York Times engage in regularly. At least in theory, the mechanisms of law enforcement cannot be legally used to intimidate targets who are not doing the “right” kind of journalism in the eyes of the government officials.

And indeed, much of the brave journalism that we celebrate, the kind that speaks truth to power and effects real change in the public interest, relies on those protections. For example, our SecureDrop system, which is used in dozens of news outlets in the United States, is hosted on-site in newsrooms, in part because newsrooms can give broad legal protections to the critical tips and important stories submitted by whistleblowers — even in cases where that material has been misappropriated by sources in some way.

The tradeoff to broad free speech rights, of course, is that people may speak in ways that are odious or deceitful, or engage in journalism which reasonably can be interpreted as unethical, even when it breaks no law. But any system designed to diminish those rights for known “bad actors” is a system that could be abused to silence speech — and can be turned on those who engage in acts of journalism that we consider noble and just.

Whether we — or anyone for that matter — consider O’Keefe and Project Veritas to be “journalists” is beside the point. If, in this particular case, they were engaged in acts of journalism — receiving information from a source and looking into whether they should publish it — the case may have serious implications for press freedom. This is why, in addition to Freedom of the Press Foundation, organizations like ACLU and the Committee to Protect Journalists have also issued statements expressing deep concern over the matter.

For the past decade, under administrations that span both parties, the Justice Department has infringed on the rights of many mainstream and independent journalists, often in secret — from engaging in invasive surveillance, to prosecuting their sources, and to this day, attempting to criminalize important aspects of the newsgathering process. Perhaps there’s reason not to trust as fact O’Keefe’s sworn statement to a court that the diary was legally obtained, given his organization’s history of deception; but we are not about to take the Justice Department’s word for it either, when they have not released any evidence at all that shows O’Keefe or his employees broke the law.

Thankfully, Reporters Committee for Freedom of the Press has filed a motion to unseal the search warrant application, citing the strong public interest in the case, and the government has been ordered to respond by Friday.

If the DOJ does have probable cause evidence that O’Keefe or Project Veritas were directly involved in the theft of the diary, then our concerns would be alleviated. But unless and until the DOJ releases such evidence, this episode will remain very worrying from a press freedom perspective.

The United States prosecution of Julian Assange is a threat to press freedom around the globe. In light of that fact, and in light of shocking reporting late last month about CIA plans to kidnap or even assassinate him, the charges must be dropped. We've joined a coalition of more than two dozen press freedom, civil liberties, and international human rights groups reiterating that position in a letter delivered today to Attorney General Merrick Garland.

ACLU, Amnesty International, Human Rights Watch, Knight First Amendment Institute, Committee to Protect Journalists, and Reporters Without Borders are among the signatories to this unified message.

Today's letter follows up on a demand sent by the same 25 groups in the first weeks of the Biden administration. Biden and members of his administration have spoken about the importance of a free press and the work of journalists, but in this regard — a prosecution we have previously identified as "the most dangerous press freedom issue" in the United States — he has chosen to follow his notoriously anti-press predecessor in office. U.S. prosecutors have continued to pursue the case and an appeal of the Assange extradition denial.

Read the letter in full below.

Today is one of the most important days in the history of Freedom of the Press Foundation, and especially for SecureDrop, our open-source whistleblower submission system used by over 70 news organizations worldwide. Let me explain.

We have long been strong believers that open source technology — specifically privacy preserving tools that don’t attempt to make money through the traditional surveillance capitalist model — can have an outsized impact on protecting our rights online. In times where governments and tech giants have unprecedented surveillance capabilities, policy and legal protections often don’t shield reporters from having their sources exposed. Projects like SecureDrop are vital for enabling important investigative reporting in the digital age. While news outlets are understandably tight-lipped about how they use SecureDrop, the proof is in the pudding.

But herein lies the conundrum: while open-source software tools can be more impactful in protecting press freedom than anything else, they are also the hardest to fund. Many traditional foundations don’t have the expertise or ability to evaluate software projects, and are wary of directly funding their development. The few grantmaking outfits who specialize in open-source software development sometimes only fund prototypes or new projects, which leaves the tools journalists likely rely on most — those that have a track record of success — in a perilous funding desert.

In many ways, we’ve been lucky. Despite the many fundraising difficulties that open-source tools often face, we’ve had the benefit of loyal support from donors with long-term vision. With their help, we’ve been able to sustain the project. But developing and maintaining high-risk software which is relied on by so many journalists all over the world is also very expensive, and it means cobbling together support from dozens of different sources. SecureDrop represents 40% of Freedom of the Press Foundation’s $4 million budget, yet it is still drastically underfunded compared to for-profit tools of all kinds.

Over the past eight years, we have slowly grown our SecureDrop team by piecing together dozens of general support grants, private donations, and support contracts from news organizations. And while we’ve had great success compared to many other open-source projects, it always feels like a precarious position — especially given how many journalists and whistleblowers rely on SecureDrop for protection.

Today, for the first time, that calculus has changed. We’re thrilled to announce the largest grant in the history of Freedom of the Press Foundation that will ensure SecureDrop survives — and thrives — for years to come. The Filecoin Foundation for the Decentralized Web — a new grantmaking organization whose mission is to permanently preserve humanity’s most important information — is funding FPF at over $1.7 million for each of the next three years, for a total of $5.8 million.

The funding will largely go towards sustaining and expanding our SecureDrop team, funding the development of the next-generation of the system, including exploring a new zero-trust architecture for the decentralized servers. This grant will ensure that SecureDrop will not only be sustainable over the long term, but will be easier to use and hopefully safer than ever. In short, it will have a game-changing impact on how we can build and improve SecureDrop for journalists around the world. You can read about some of our technical plans for the future here.

In addition to helping upgrade SecureDrop, FPF will leverage its collaboration with FFDW to support several other efforts critical to safeguarding free speech, a free press, and the preservation of critical information using the decentralized web. Some of these projects include: publishing our comprehensive U.S. Press Freedom Tracker data on the decentralized web every year, exploring how we can further help news outlets who are under threat of being taken offline, and evaluating state-of-the-art privacy preserving tools within the decentralized web ecosystem that could provide network-level anonymity in decentralized web projects, in addition to our existing reliance on the Tor network.

We are incredibly grateful to the Filecoin Foundation for the Decentralized Web for believing in our mission and our results. And we can’t wait to get to work.

Today, Yahoo News published a long and deeply-sourced investigation that the CIA, led by Trump appointee Mike Pompeo, repeatedly and seriously considered kidnapping and even assassinating WikiLeaks founder Julian Assange. The agency engaged in so many shocking and extra-legal actions that the whole report needs to be read in full to be believed.

Yahoo News also reported that intelligence officials, in disturbing disregard for the First Amendment, pushed to have other journalists—including FPF board members Laura Poitras and Glenn Greenwald—re-categorized as “information brokers” for their award-winning reporting on the Snowden disclosures. Yahoo said that the purpose was to open up “the use of more investigative tools against them, potentially paving the way for their prosecution.”

The following statement can be attributed to Freedom of the Press Foundation (FPF) executive director Trevor Timm:

“The CIA is a disgrace. The fact that it contemplated and engaged in so many illegal acts against WikiLeaks, its associates, and even other award-winning journalists is an outright scandal that should be investigated by Congress and the Justice Department. The Biden Administration must drop its charges against Assange immediately. The case already threatens the rights of countless reporters. These new revelations, which involve a shocking disregard of the law, are truly beyond the pale.”

Previously, a coalition of groups focused on civil liberties, human rights and press freedom—including Freedom of the Press Foundation—urged the Biden administration to drop its charges against Assange. The letter to Biden’s Justice Department was signed by the ACLU, Committee to Protect Journalists, Human Rights Watch, Amnesty International, and many more.

In the wake of its botched “righteous” drone strike that the United States now admits killed 10 civilians in Afghanistan, lawmakers on both sides of the aisle are raising questions about the horrific costs of the drone program. These are critically important questions to ask, with the highest possible stakes for people around the world. And yet, there is one person, largely left out of the conversation, who risked his well-being and freedom to bring to the public the information that informs this discussion. He is now just months into serving a nearly 4-year prison term for his whistleblowing.

Daniel Hale was sentenced this summer under the Espionage Act, a law that may have once been targeted at actual espionage but is now routinely used against national security whistleblowers who speak to U.S.-based journalists. As we have documented extensively, the Espionage Act has no "public interest" defense; even if someone reveals corruption, waste or illegal behavior on the part of the U.S. government, a defendant is barred from telling the jury about their motive or benefits of their actions.

In admitting that it killed civilians — rather than terrorists as initially claimed — the Pentagon specifically cited the excellent New York Times exposé on the incident that interviewed more than a half dozen people who were with the main victim that day. Of course, if the Times had instead gotten its information from a guilt-ridden military employee, rather than from on-the-ground interviews with witnesses, the paper would have likely faced angry denials, and that employee could have faced years in prison without the opportunity to justify themselves in court.

For at least five decades now, this injustice of the Espionage Act has been apparent, since Pentagon Papers whistleblower (and Freedom of the Press Foundation co-founder) Daniel Ellsberg was barred from offering prepared testimony about his motivation in exposing the myriad lies underpinning the Vietnam War. Every journalistic source who has been prosecuted under the Espionage Act since then has faced the same impossible hurdles in getting a fair trial, despite the clear public interest in their whistleblowing.

Hale's leaks, too, have indisputably served the public interest. The Intercept stories the government implied to be based on his leaks showed how drone strikes routinely killed civilians, even in the face of official denials. It was in the wake of reporting on documents he provided about the drone program that the Obama administration began disclosing information about inadvertent civilian deaths in drone strikes. (The Trump administration would later revoke the new transparency requirements.)

In response to the latest tragedy, senators and representatives have cited information about the ghastly number of inadvertent drone killings, but even these lawmakers are facing careful official denials based on selective declassification of information. Sen. Chris Murphy, for example, has faced official blowback for his suggestion that drone strikes hit the wrong target "maybe eight out of 10 times." In defending his claim, the U.S. senator from Connecticut cited his sources: "Since the government classifies data on the efficacy of drone strikes, the only full public data set is from a leak of the Haymaker drone campaign in Afghanistan," referring to the initial stories in The Intercept.

Hale and others like him provide the material that journalists communicate to the public to inform our understanding of these secret yet incredibly deadly and consequential programs. That role is always necessary, but never more so than when the government is able to pick and choose which information is made available for general consideration.

Although the Espionage Act does not allow for consideration of the public interest, Hale’s attorneys felt compelled to note his motivation in a filing with the court: “The facts regarding Mr. Hale’s motive are clear. He committed the offense to bring attention to what he believed to be immoral government conduct committed under the cloak of secrecy and contrary to public statements of then-President Obama regarding the alleged precision of the United States military’s drone program.”

Hale himself filed a handwritten document with the court speaking to his motivation for disclosing the drone records. “My conscience, once held at bay, came roaring back to life. At first, I tried to ignore it. … So I contacted an investigative reporter, with whom I had had an established prior relationship, and told him that I had something the American people needed to know.” In the wake of another tragedy, the people’s need to know is clearer than ever.

Local journalism is critical to communities all over the country, but many organizations that have long employed reporters to cover important local news stories have struggled to find a financial footing over the past several decades.

The Local Journalism Sustainability Act — a bill introduced with bipartisan support in the House of Representatives and a notable slate of Democratic backers in the Senate — aims to remedy that disconnect with a collection of temporary benefits that could sustain small local news outlets and give them time to retool.

We are usually wary of federal legislation aimed at supporting local journalism, despite its importance, because of conflicts of interest that can emerge from the government picking what kinds of outlets qualify, or from direct subsidies coming from the subject of coverage. The Local Journalism Sustainability Act seems to solve those long-standing issues in an innovative way. We at Freedom of the Press Foundation endorse the bill.

Instead of laying out strict criteria to qualify for direct subsidies, the LJSA would provide three primary mechanisms that would potentially help all small local news outlets. Perhaps most notable for most readers, the law would cover a large portion of the cost of a local newspaper (or news non-profit) subscription in the form of a tax credit, up to $250. For the five years this law would be in effect, more Americans could pay much more than they currently do for local news with a subsidy from the federal government. This prong is well-structured: for households that pay federal income tax, a tax credit is effectively direct money towards subscriptions, more readily available than an itemized deduction, and would incentivize local news outlets to form relationships with readers.

The second mechanism is a payroll tax credit for the news outlets themselves towards the salaries of reporters, editors, and photographers. For outlets facing a vicious cycle of declining revenues leading to diminished newsroom staff leading to a less obvious value proposition to readers, a cash infusion that allows newsrooms to staff up could help tremendously.

Finally, also on the revenue side, the bill would provide tax credits to small businesses that pay to advertise on local news sites, in newspapers, or on television and radio.

American federal support of news reporting and publishing is nearly as old as the country itself, including similarly “content-neutral” postal subsidies for newspaper and pamphlet delivery. Over that time, defining "journalism" in a way that includes innovative and independent outlets has been a hard problem only gotten more difficult. (That difficulty has often been our sticking point with other proposals, such as increasing penalties for assaults on journalists.)

But it's undeniable that local news reporting provides important benefits to the communities that can sustain commercial or nonprofit newsrooms. This bill takes a very broad approach to the question of definition, and makes it easier for those communities to provide their own support for local outlets.

That reliance on existing community support has its flaws, too. For one thing, historically marginalized and underserved communities may not have existing outlets (or subscriber bases) to build up with the tax benefits. And by contrast, the many legacy outlets that have been dramatically cut back by hedge fund or private equity purchasers could stand to receive these benefits. Still, it would provide major help for many existing newsrooms that provide important coverage and could use the lifeline.

With broad bipartisan support in the House, this bill would have good odds in that chamber. Although the co-sponsors on the Senate side are exclusively Democrats to date, its supporters aim to include a version of this bill in the $3.5 trillion reconciliation package that is likely to pass with or without Republican support.

Apple announced Friday that it would postpone its planned roll-out of user device surveillance technology that had come under heavy fire from the privacy and civil liberties community. We at Freedom of the Press Foundation wrote last month that the technology was a “threat to user privacy and press freedom,” and could, if abused, threaten whistleblowers and journalists working on sensitive stories.

We were far from alone in raising the alarm about Apple's plans. Nearly one hundred civil society organizations signed an open letter to the tech giant urging it to reconsider, joining thousands of individuals, including security researchers, cryptographers, and privacy experts on a second letter. The strength and virtual unanimity of this outcry is heartening, and clearly had an effect. As our board president Edward Snowden put it on Twitter: “Don't ever let anyone tell you that there's nothing you can do when a company announces a plan to screw you.”

But while a delay is welcome, it’s not sufficient. Apple should drop its plans for this backdoor technology entirely. As we previously said about the technology, “No backdoor for law enforcement will be safe enough to keep bad actors from continuing to push it open just a little bit further.” The qualms from the privacy community weren’t nitpicks about implementation details, but a rejection of the underlying premise.

The danger of untrustworthy devices to journalists and sources has never been clearer, as we come off a summer of revelations of powerful spyware targeting reporters and the disclosure by investigators that encrypted messenger metadata was used to identify at least one whistleblower behind a major piece of financial reporting.

It’s crucial, then, that the developers of our technology and software keep their interests aligned with the privacy needs of their users. Apple has marketed itself on these very values, and indeed has often led the field towards more privacy preserving practices. This proposal could have been a dangerous move backwards; dropping it would be a step towards regaining user trust.

Legislative Branch records don’t receive the kind of public scrutiny the Freedom of Information Act brings to the Executive, but that could change thanks to a novel lawsuit over video records related to the January 6 riot at the Capitol. If this litigation manages to bring more transparency to Congress, either through a win in court or other pressure, it would constitute a major victory for the public and for the journalists who cover the actions of the government.

This new lawsuit follows an opinion issued by a D.C. Circuit judge in June, which cited a “common law right” of public access to government records that could apply to Congress. In that earlier case, the conservative transparency organization Judicial Watch had sued for access to the subpoenas that the House Intelligence Committee had issued in its impeachment inquiry of President Donald Trump. Although that case was dismissed, Judge Karen LeCraft Henderson wrote in a concurring opinion, “I believe, in the right case, the application of the Speech or Debate Clause to a common law right of access claim would require careful balancing.”

Journalist Shawn Musgrave thinks he’s found the right case. Earlier this month, he sued for the release of the video, citing that "common law right of access.” The primary implications are significant — Congress has some 14,000 hours of surveillance footage from the Capitol on January 6, most of which is not available to the public — but more notably, if successful, this suit could usher in a new standard of transparency for Congress.

Without a doubt, open records laws — like FOIA and its many state- and municipality-level equivalents — underpin much important reporting. (We capture and highlight some of the stories that rely on those laws with our Twitter bot, FOIA Feed.) But these laws generally only apply to the executive branches of government. Congress, of course, has written FOIA and its many amendments over the previous 50+ years, and has steadfastly refused to apply the transparency law to itself.

As Musgrave's lawsuit contends, there's no reason the animating principle of laws like FOIA couldn't apply just as strongly to the legislature, including Congress. Fundamentally, if the people have a right to know what the government is doing, that right shouldn’t end at the steps of the Capitol.

Somewhat ironically, Congressional objections to increased transparency often focus on the "Speech or Debate Clause'' of the Constitution, which insulates legislators and their staff from arrest or inquiry for statements made on the floor of the House or Senate.

We've written before about how the Speech or Debate Clause represents a woefully underutilized opportunity to share important information with the public and expose government wrongdoing without fear of the draconian consequences that face many other whistleblowers; it's doubly shameful then that the same clause is used in this case to instead obscure the activities of government.

The Freedom of Information Act, and the laws that followed in its image, were revolutionary to the field of government transparency in the 1960s. The law remains vital to journalists, but as Freedom of the Press Foundation and many others have documented over the years, the law is also fundamentally broken.

Like any lawsuit with a novel legal theory, success is far from certain, and could take many shapes — for example, pressure from this lawsuit could and should prompt Congress into taking action with legislation that strengthens FOIA and expands its scope. Still, it's heartening to see journalists and members of the public continue to push the envelope on bringing the activity of the government to the people, and we are eagerly following this effort.

When Apple announced a new plan this month for scanning photos on user devices to detect known child sexual abuse material (CSAM), the company might have expected little controversy. After all, child sexual abuse is a problem everyone wants to solve.

But the backlash from privacy and human rights advocates was swift, loud, and nearly unanimous. The complaints were not largely about the precise implementation Apple announced, but rather the dangerous precedent it sets. The ways in which the technology could be misused when Apple and its partners come under outside pressure from governments or other powerful actors are almost too many to count.

Very broadly speaking, the privacy invasions come from situations where "false positives" are generated — that is to say, an image or a device or a user is flagged even though there are no sexual abuse images present. These kinds of false positives could happen if the matching database has been tampered with or expanded to include images that do not depict child abuse, or if an adversary could trick Apple’s algorithm into erroneously matching an existing image. (Apple, for its part, has said that an accidental false positive — where an innocent image is flagged as child abuse material for no reason — is extremely unlikely, which is probably true.)

The false positive problem most directly touches on press freedom issues when considering that first category, with adversaries that can change the contents of the database that Apple devices are checking files against. An organization that could add leaked copies of its internal records, for example, could find devices that held that data — including, potentially, whistleblowers and journalists who worked on a given story. This could also reveal the extent of a leak if it is not yet known. Governments that could include images critical of its policies or officials could find dissidents that are exchanging those files.

These concerns aren’t purely hypothetical. China reportedly already forces some of its citizens to install apps directly onto devices that scan for images it deems to be pro-Uyghur.

Apple has promised to stand up against the forced inclusion of non-CSAM images to the hash database in an FAQ document it published amidst the backlash: "Apple would refuse such demands and our system has been designed to prevent that from happening." If only it were that simple! Even with the best of intentions, Apple (and the organizations that maintain the databases in question) are likely to face extreme pressure from governments all over the world to expand their efforts to all sorts of other types of “illegal” content. And legal orders are not exactly something companies can just “refuse.”

As EFF said, “if you build it, they will come.”

After extensive criticism, Apple last week issued more clarifications about efforts to mitigate those concerns. It would only match against images that had been flagged by groups in multiple countries, and sophisticated users would be able to check that the list of images their own phone was checking against was the same as on every other phone. While these assurances help mitigate the risk of a single point of failure, they do not fully address the risks posed by a state-level actor.

And unfortunately, the company has in some cases yielded to that kind of pressure. Reporting earlier this year documented Apple agreeing to store user data and encryption keys in China, at the government's behest, and complying with requests for iCloud data. The company has also removed apps and games from its marketplace to comply with local regulations. What would it do differently in the face of new demands to misuse this image matching tech?

Beyond the possibility of database tampering, another way false positives could occur is if adversaries are able to generate files that are "collisions" with known images in the database. Since even before Apple's formal announcement, researchers have called for the company to publish its matching algorithm so they could see how susceptible it is to these kinds of generated bogus matches (which are usually called "adversarial examples" in the world of machine learning).

Apple has thus far declined to make that matching function available, even as the company has called on security researchers to check its work. However, researchers appear to have recently extracted the matching function from iOS, and even generated a "pre-image" match — that is, generating a file from scratch that Apple's matching function cannot distinguish from another known image.

This research represents a serious problem for Apple's plans: adversaries that can generate false positives could flood the system with bad data, even using the devices of unsuspecting users to host it. The earliest adversarial examples look like white noise, but it is likely only a matter of time before they can be embedded in another image entirely.

Journalists, in particular, have increasingly relied on the strong privacy protections that Apple has provided even when other large tech companies have not. Apple famously refused to redesign its software to open the phone of an alleged terrorist — not because they wanted to shield the content on a criminal’s phone, but because they worried about the precedent it would set for other people who rely on Apple’s technology for protection. How is this situation any different?

No backdoor for law enforcement will be safe enough to keep bad actors from continuing to push it open just a little bit further. The privacy risks from this system are too extreme to tolerate. Apple may have had noble intentions with this announced system, but good intentions are not enough to save a plan that is rotten at its core.

At Freedom of the Press Foundation, one way we support news organizations is through digital security education for reporters. We believe that, just as newsrooms are developing digital security competencies in real-time, student journalists should develop these skills as well. That’s why we’re thrilled to share the U.S. Journalism School Digital Security Curriculum, a resource to assist J-school instructors in bringing digital security know-how to their program.

From our research with J-school students and instructors, we know that journalism professors are always juggling competing priorities in their coursework. They are under pressure to teach a variety of skills that are in flux. Students are learning programming skills, and mastery over various forms of digital media that vary from year to year. We found most accredited U.S. J-school programs— roughly three-in-four — provide no digital security education of any kind, despite its outsized importance.

Just as we are asking students to work with digital tools online, we believe digital security is part of doing this work more safely and sustainably. With help from dozens of J-school instructors and security experts, we are excited to share that our digital security team has created a semester-long curriculum, complete with slides, lesson plans, and more. With attribution instructors may use and adapt the materials to their own needs, for free. We hope this digital security curriculum will help programs get started developing their own.

Some rare programs, such as the University of Nevada, Reno, and University of Southern California Annenberg School offer dedicated courses on digital security. But we also know most U.S. J-schools do not have in-house expertise for instructing on digital security, and where it exists, it typically takes the form of short workshops and ad hoc training. Workshops are a good starting point, but we think we can help programs go further.

To help programs scale their digital security offerings, we wanted to provide a resource that would help instructors build out their own curriculum. Because most programs are juggling so many competing priorities, we also understand that full courses may be impractical for some programs.

To help J-schools introduce smaller-scale but in-depth lessons, we took a modular approach to creating our digital security curriculum, breaking the curriculum into several sections. The modules examine foundational security topics such as threat modeling, how the internet and telecommunications work, chat safety, to authentication practices, malware, file safety, and more. We also created a broad “Digital security 101” for those who want to start with a beginner-friendly digital security workshop. Each module provides plans on how to conduct the lesson, suggested discussion questions, and even slides. Instructors can reach out to our team at freedom.press/contact for help.

Want to get started? Check out the U.S. Journalism School Digital Security Curriculum.

In recent years at Freedom of the Press Foundation — where we have one of the only full-time digital security teams focused on training journalists — we’ve seen firsthand how newsroom demand for security expertise has exploded. So you’d think educating the next generation of journalists about digital security would be a critical part of journalism schools as well. Unfortunately, our research suggests we have a long way to go.

Recently, we presented new and original research on the barriers to digital security education in U.S. J-schools at the 2021 International Communications Association conference.

Just like contemporary newsrooms targeted for hacking and surveillance, student journalists who move to professional newsrooms will be expected to promote their work online. In turn, they will have to worry about communications being monitored by their governments, state-sponsored hackers infiltrating their newsrooms, coordinated harassment campaigns, and much more.

We wanted to know what journalism schools are doing to prepare students for this volatile environment for digital safety. In early 2020[1] we reached out to accredited and provisionally accredited graduate and undergraduate university programs across the U.S. — at the time 106 departments. We contacted department heads, professors focused on technology coursework, and department staff whose roles involve knowledge of the program (e.g., students services specialists), and asked if they offered digital security courses or related coursework. Of the programs we contacted, 43% responded. We also examined the non-responsive programs’ course offerings to learn if they had related listings. Finally, we interviewed 13 instructors and 10 students to learn more about security education at their programs.

Despite the clear need for digital security education, of the responsive programs, roughly one-in-four said they offered digital security education of some kind. When these efforts do take place, typically they are one-time lectures embedded in ongoing coursework, as well as informal, ad hoc workshops. At the time of the study, among accredited and provisionally accredited programs we identified two J-schools — University of Nevada, Reno’s Reynolds School and University of Southern California’s Annenberg School — that offered dedicated digital security courses as electives. (To be clear, there may be others that we lacked visibility into.)

One-off workshops cover digital security fundamentals, such as an introduction to risk assessment techniques, password practices, and encrypted chat tools like Signal. And while these types of seminars — which usually only last 2-3 hours — are a good starting point, students may not retain all of the information taught in a single workshop, given the range of tools and practices introduced in a relatively short time. Likewise, they may not have dedicated time to practice implementing the suggested security practices, and therefore may not develop the experience necessary to incorporate them into their work. Extended courses, by comparison, provide this time and space.

Many professors suggested that their program would have a difficult time accommodating digital security coursework because they already struggle to fit so many topics into their existing program. Each year, industry trends influence how departments prioritize their coursework, and in recent years departments have been pulled into dozens of less-familiar topic areas, such as novel digital media techniques and programming skills, further straining instructors’ time.

J-schools’ education priorities are highly market-driven. Many newsrooms are influencing J-schools to help them develop competencies that will be used in journalistic output, such as podcasting and data reporting. By contrast, digital security is often seen as less critical to the output of reporting—despite its outsized importance.

We also know the Accrediting Council on Education in Journalism and Mass Communications has prioritized a variety of digital media literacy topics, but does not ask departments to require any form of digital security education. Such a requirement would incentivize over a hundred programs to adopt digital security in their curriculum.

Another reason so few programs have digital security offerings is that department leadership is simply not aware of the significance of this problem. We spoke to a few instructors in positions of leadership who said that when they worked in a newsroom, security was not a contemporary issue. Likewise, though many students do have traumatic experiences online, students have not often faced digital attacks specifically in response to their reporting assignments, like the kind they will likely face on the job. With less exposure to security threats seen in newsrooms, these issues are often rendered invisible among faculty.

In other words, J-schools are dealing with significant knowledge gaps and competing incentives. Even when it’s a topic on their radar, J-school programs may not always have the in-house knowledge or the willingness to give this topic the time it needs. You could understand why, then, it’s rare for a program to dedicate more than 1-2 hours to digital security education.

It’s not all doom and gloom, however. A growing number of programs are turning their attention to the need for digital security skills in journalism. For example, the new Craig Newmark Center for Journalism Ethics and Security is making hefty investments in this area.

Likewise, a constellation of educators within and across J-schools are working to advance journalistic security. Susan McGregor is one of the few experts in this area who has studied and instructed on journalistic security in multiple programs at Columbia University. Dr. Gi W. Yun at the Reynolds School of Journalism at the University of Nevada, Reno, with help from the Electronic Frontier Foundation, has developed an innovative course on cybersecurity, privacy, and surveillance. At Freedom of the Press Foundation, we partnered with former national security reporter Marc Ambinder to help devise an exhaustive digital security course for the University of Southern California’s Annenberg School for Communication and Journalism. The people doing this work are few and far between, but they are out there.

We need more of these security champions. In J-schools, security champions advance journalistic security by organizing appropriate expertise (typically by going outside of the department), convincing department leadership it’s worthwhile, and by building sustainable infrastructure, such as external partnerships, funding, and advocating for opportunities to embed these lessons into the broader curriculum. Each program with a digital security offering started with one or more security champions who earned department buy-in.

Though digital security workshops conducted in many J-schools are often ad hoc, they are one of the few places where security education has broken through. Workshops also introduce opportunities to invite in external expertise. For example, at Freedom of the Press Foundation, the digital security team regularly conducts workshops with newsrooms and universities, and in 2020 over 1200 journalists attended at least one of these workshops.

While we think these workshops are vital to working journalists, they aren’t a one-size-fits-all solution. Consider the devices and platforms we use in a given day: cell phones, computers, and tablets of all different brands and models. Then add on top of that the ways we communicate over these devices: calls, emails, text messages, social media, and countless other apps. Those devices and platforms are constantly updating and changing, and the advice on what tools to use changes radically depending on the situation. (For example, the advice you’d give journalists covering national security in the U.S. is sometimes the opposite of what is necessary in Russia.) You can quickly see it would be impossible for journalists to learn everything they need to stay safe in a day or two. A workshop can be a meaningful starting point, but the time needed to reflect on and engage the material is often lacking.

To drive systemic change in security education needed in newsrooms today and in the future, journalism schools would ideally integrate these practices into a digital security curriculum, where students can not only learn the proper tools to use, but more importantly the mindset to think critically through these problems. That way, when the tools change they’ll be able to change with them. This is only possible to do when they have the time and space to take in everything they need to navigate their work in relative safety.

To help instructors get started, later this year Freedom of the Press Foundation will be releasing an exhaustive digital security curriculum with modular lessons on security basics for journalists, which will be free and openly available to the community.

We desperately need more security champions in the field, and universities should be leading the way, instead of following from behind.

--

[1] We contacted universities to learn about their course offerings between February 20 to April 2, 2020, and gathered our interviews between January 29, 2020 to June 2, 2020.

Dr. Martin Shelton is principal researcher at Freedom of the Press Foundation, focused on security and user research.

Dr. Jennifer Henrichsen recently defended her dissertation at the University of Pennsylvania’s Annenberg School of Communication, and she worked with Freedom of the Press Foundation on this research. She is an incoming Assistant Professor at Washington State University in fall 2021.

Image credit: Elisabeth Woldt. CC-BY-NC 2.0

In a welcome and long-overdue move, the Department of Justice (DOJ) today formally adopted a policy prohibiting, with few exceptions, the use of surveillance on journalists "acting within the scope of newsgathering activities."

The new memo, signed by Attorney General Merrick Garland, codifies an announcement outlined last month, when the White House and DOJ promised important new restrictions of the kind of surveillance that has been used in leak investigations spanning at least four presidential administrations, including in a series of high-profile cases beginning under former President Trump but only disclosed earlier this year.

The following statement can be attributed to Freedom of the Press Foundation advocacy director Parker Higgins:

These new rules prohibiting the surveillance of journalists are the strongest in the modern history of the Department of Justice — and that’s a big victory for press freedom. But it’s important to note that this new policy could be undone by a future Department of Justice memo.

Congress must immediately codify these new guidelines into law so that they will be permanent and cannot be broken or ignored on the whim of whoever holds the office of the Attorney General. Senator Ron Wyden's PRESS Act would do just that, and members of both parties should get behind swift passage of the bill.