a Better Bubble™

Freedom of the Press

New research: Why don’t more J-schools teach digital security?

3 years 3 months ago

In recent years at Freedom of the Press Foundation — where we have one of the only full-time digital security teams focused on training journalists — we’ve seen firsthand how newsroom demand for security expertise has exploded. So you’d think educating the next generation of journalists about digital security would be a critical part of journalism schools as well. Unfortunately, our research suggests we have a long way to go.

Recently, we presented new and original research on the barriers to digital security education in U.S. J-schools at the 2021 International Communications Association conference.

Just like contemporary newsrooms targeted for hacking and surveillance, student journalists who move to professional newsrooms will be expected to promote their work online. In turn, they will have to worry about communications being monitored by their governments, state-sponsored hackers infiltrating their newsrooms, coordinated harassment campaigns, and much more.

We wanted to know what journalism schools are doing to prepare students for this volatile environment for digital safety. In early 2020[1] we reached out to accredited and provisionally accredited graduate and undergraduate university programs across the U.S. — at the time 106 departments. We contacted department heads, professors focused on technology coursework, and department staff whose roles involve knowledge of the program (e.g., students services specialists), and asked if they offered digital security courses or related coursework. Of the programs we contacted, 43% responded. We also examined the non-responsive programs’ course offerings to learn if they had related listings. Finally, we interviewed 13 instructors and 10 students to learn more about security education at their programs.

Despite the clear need for digital security education, of the responsive programs, roughly one-in-four said they offered digital security education of some kind. When these efforts do take place, typically they are one-time lectures embedded in ongoing coursework, as well as informal, ad hoc workshops. At the time of the study, among accredited and provisionally accredited programs we identified two J-schools — University of Nevada, Reno’s Reynolds School and University of Southern California’s Annenberg School — that offered dedicated digital security courses as electives. (To be clear, there may be others that we lacked visibility into.)

One-off workshops cover digital security fundamentals, such as an introduction to risk assessment techniques, password practices, and encrypted chat tools like Signal. And while these types of seminars — which usually only last 2-3 hours — are a good starting point, students may not retain all of the information taught in a single workshop, given the range of tools and practices introduced in a relatively short time. Likewise, they may not have dedicated time to practice implementing the suggested security practices, and therefore may not develop the experience necessary to incorporate them into their work. Extended courses, by comparison, provide this time and space.

Many professors suggested that their program would have a difficult time accommodating digital security coursework because they already struggle to fit so many topics into their existing program. Each year, industry trends influence how departments prioritize their coursework, and in recent years departments have been pulled into dozens of less-familiar topic areas, such as novel digital media techniques and programming skills, further straining instructors’ time.

J-schools’ education priorities are highly market-driven. Many newsrooms are influencing J-schools to help them develop competencies that will be used in journalistic output, such as podcasting and data reporting. By contrast, digital security is often seen as less critical to the output of reporting—despite its outsized importance.

We also know the Accrediting Council on Education in Journalism and Mass Communications has prioritized a variety of digital media literacy topics, but does not ask departments to require any form of digital security education. Such a requirement would incentivize over a hundred programs to adopt digital security in their curriculum.

Another reason so few programs have digital security offerings is that department leadership is simply not aware of the significance of this problem. We spoke to a few instructors in positions of leadership who said that when they worked in a newsroom, security was not a contemporary issue. Likewise, though many students do have traumatic experiences online, students have not often faced digital attacks specifically in response to their reporting assignments, like the kind they will likely face on the job. With less exposure to security threats seen in newsrooms, these issues are often rendered invisible among faculty.

In other words, J-schools are dealing with significant knowledge gaps and competing incentives. Even when it’s a topic on their radar, J-school programs may not always have the in-house knowledge or the willingness to give this topic the time it needs. You could understand why, then, it’s rare for a program to dedicate more than 1-2 hours to digital security education.

It’s not all doom and gloom, however. A growing number of programs are turning their attention to the need for digital security skills in journalism. For example, the new Craig Newmark Center for Journalism Ethics and Security is making hefty investments in this area.

Likewise, a constellation of educators within and across J-schools are working to advance journalistic security. Susan McGregor is one of the few experts in this area who has studied and instructed on journalistic security in multiple programs at Columbia University. Dr. Gi W. Yun at the Reynolds School of Journalism at the University of Nevada, Reno, with help from the Electronic Frontier Foundation, has developed an innovative course on cybersecurity, privacy, and surveillance. At Freedom of the Press Foundation, we partnered with former national security reporter Marc Ambinder to help devise an exhaustive digital security course for the University of Southern California’s Annenberg School for Communication and Journalism. The people doing this work are few and far between, but they are out there.

We need more of these security champions. In J-schools, security champions advance journalistic security by organizing appropriate expertise (typically by going outside of the department), convincing department leadership it’s worthwhile, and by building sustainable infrastructure, such as external partnerships, funding, and advocating for opportunities to embed these lessons into the broader curriculum. Each program with a digital security offering started with one or more security champions who earned department buy-in.

Though digital security workshops conducted in many J-schools are often ad hoc, they are one of the few places where security education has broken through. Workshops also introduce opportunities to invite in external expertise. For example, at Freedom of the Press Foundation, the digital security team regularly conducts workshops with newsrooms and universities, and in 2020 over 1200 journalists attended at least one of these workshops.

While we think these workshops are vital to working journalists, they aren’t a one-size-fits-all solution. Consider the devices and platforms we use in a given day: cell phones, computers, and tablets of all different brands and models. Then add on top of that the ways we communicate over these devices: calls, emails, text messages, social media, and countless other apps. Those devices and platforms are constantly updating and changing, and the advice on what tools to use changes radically depending on the situation. (For example, the advice you’d give journalists covering national security in the U.S. is sometimes the opposite of what is necessary in Russia.) You can quickly see it would be impossible for journalists to learn everything they need to stay safe in a day or two. A workshop can be a meaningful starting point, but the time needed to reflect on and engage the material is often lacking.

To drive systemic change in security education needed in newsrooms today and in the future, journalism schools would ideally integrate these practices into a digital security curriculum, where students can not only learn the proper tools to use, but more importantly the mindset to think critically through these problems. That way, when the tools change they’ll be able to change with them. This is only possible to do when they have the time and space to take in everything they need to navigate their work in relative safety.

To help instructors get started, later this year Freedom of the Press Foundation will be releasing an exhaustive digital security curriculum with modular lessons on security basics for journalists, which will be free and openly available to the community.

We desperately need more security champions in the field, and universities should be leading the way, instead of following from behind.

--

[1] We contacted universities to learn about their course offerings between February 20 to April 2, 2020, and gathered our interviews between January 29, 2020 to June 2, 2020.

Dr. Martin Shelton is principal researcher at Freedom of the Press Foundation, focused on security and user research.

Dr. Jennifer Henrichsen recently defended her dissertation at the University of Pennsylvania’s Annenberg School of Communication, and she worked with Freedom of the Press Foundation on this research. She is an incoming Assistant Professor at Washington State University in fall 2021.

Image credit: Elisabeth Woldt. CC-BY-NC 2.0

Martin Shelton, Dr. Jennifer Henrichsen

Congress must pass the Justice Dept’s new media surveillance rules into law

3 years 4 months ago

In a welcome and long-overdue move, the Department of Justice (DOJ) today formally adopted a policy prohibiting, with few exceptions, the use of surveillance on journalists "acting within the scope of newsgathering activities."

The new memo, signed by Attorney General Merrick Garland, codifies an announcement outlined last month, when the White House and DOJ promised important new restrictions of the kind of surveillance that has been used in leak investigations spanning at least four presidential administrations, including in a series of high-profile cases beginning under former President Trump but only disclosed earlier this year.

The following statement can be attributed to Freedom of the Press Foundation advocacy director Parker Higgins:

These new rules prohibiting the surveillance of journalists are the strongest in the modern history of the Department of Justice — and that’s a big victory for press freedom. But it’s important to note that this new policy could be undone by a future Department of Justice memo.

Congress must immediately codify these new guidelines into law so that they will be permanent and cannot be broken or ignored on the whim of whoever holds the office of the Attorney General. Senator Ron Wyden's PRESS Act would do just that, and members of both parties should get behind swift passage of the bill.

Freedom of the Press Foundation

Fifty years ago today, Senator Mike Gravel read the Pentagon Papers into the official record. More lawmakers should follow his lead.

3 years 4 months ago

Fifty years ago today, with the New York Times and the Washington Post tied up in the Supreme Court over whether they could report on the leaked Pentagon Papers, a young Senator named Mike Gravel was taking matters into his own hands.

Gravel had just obtained a second copy of the Pentagon Papers from whistleblower (and, much later, Freedom of the Press Foundation co-founder) Daniel Ellsberg, through a midnight curbside handoff from Ben Bagdikian, an editor and journalist at the Post. In an act of remarkable bravery, Gravel convened a subcommittee meeting, and read from the Papers until one A.M., culminating in an emotional description of the violence of war. He then inserted 4,100 pages of the document into the Congressional Record.

In the morning, the Supreme Court cleared the Times and the Post to continue publishing, in one of the most important press freedom decisions in the court's history.

Gravel took action despite considerable nerves; he reportedly "had not slept for three nights, overwrought with fatigue and fear that he might be headed to prison." But he was also protected by the "Speech or Debate Clause" of the U.S. Constitution, which protects Congress members from arrest or inquiry for statements made on the floor of the House or Senate. Many state constitutions have similar forms of parliamentary immunity.

Still, a Gravel aide faced a subpoena from a federal grand jury empaneled to investigate the Senator's actions. Gravel moved to intervene, and the question of whether the aide could be compelled to testify also made its way to the Supreme Court. In Gravel v. United States, the Court issued a 5-4 opinion holding that Congressional aides and employees enjoy the same legal protection as the legislators themselves.

(The decision also narrowed the Speech or Debate Clause in part, explicitly limiting it to actions "essential to the deliberations" of the legislative body, and thus deeming it did not cover Gravel's transmitting the Papers for private publication. In a powerful dissent to that portion in particular, Justice William O. Douglas argued: "To allow the press further to be cowed by grand jury inquiries and prosecution is to carry the concept of 'abridging' the press to frightening proportions.")

Senator Gravel died this weekend at 91 years old. Without a doubt, his willingness to bring the Pentagon Papers to the public is one shining example that more lawmakers should follow.

But despite the fact that Gravel’s heroic actions in protest of the nation’s broken secrecy system would be his defining legacy, other members of Congress have largely not followed in his footsteps. From the CIA torture program to NSA surveillance to extrajudicial drone strikes, the US government has used the classification system to shield corruption, abuse, and illegal behavior from the American public. In many cases, courts have protected the executive branch from accountability. At the same time, they have harshly punished whistleblowers who come forward to the press.

Members of Congress enjoy a unique broad immunity to expose illegal government programs and lies. And yet, besides Senator Gravel, no one has chosen to use it. We hope in the future, more members of Congress will show the same bravery he did fifty years ago today.

Parker Higgins

PayPal and Venmo enforcement procedures threaten First Amendment protected speech

3 years 5 months ago

PayPal and its subsidiary Venmo must bring more transparency and accountability to its practices around account freezes and closures, argues a new letter signed by Freedom of the Press Foundation and nearly two dozen human rights and civil liberties groups.

The payment giant has become notorious for suspending or disrupting transfers for lawful controversial content without due process, including of course in the financial blockade against the whistleblower site WikiLeaks in the early 2010s — an extralegal embargo that Freedom of the Press Foundation was founded in part to address. In another case, PayPal froze the account of News Media Canada over a payment to submit an article about Syrian refugees for an award.

The risk of arbitrary interruption to online payments can be a serious one, especially for independent reporters without institutional support. And the problem isn't limited to news reporting: supporters of the privacy network Tor, creators engaged in erotic fiction or sex work, and online communities simply accused of copyright infringement have all faced restrictions at one point or another. These disruptions can be existential, as we note in the letter:

In our increasingly digital world, in which websites and online consumers rely on payment processors such as PayPal to send online payments for goods and services, fund their online infrastructure, and even pay staff, these opaquely implemented account freezes can be disruptive and disadvantageous to individuals, nonprofits, and companies. PayPal and your subsidiary Venmo have over 360 million users — which means you have a staggering amount of influence over the financial lives of these individuals as well as access to an enormous trove of highly sensitive information that should not flow to the government without adequate safeguards.

The recommendations in the letter are in line with the Santa Clara Principles on Transparency and Accountability in Content Moderation, which aim to help companies center human rights when moderating user-generated content and accounts.

Today's letter, which can be found in full below, was led by the Electronic Frontier Foundation and signed by 7amleh - The Arab Center for the Advancement of Social Media, Access, ACLU of Northern California, American Civil Liberties Union, Article 19, the Center for Democracy and Technology, Center for LGBTQ Economic Advancement & Research (CLEAR), Demand Progress Education Fund, European Legal Support Center (ELSC), Fight for the Future, Freedom of the Press Foundation, Global Voices, Masaar-Technology and Law Community, Mnemonic, New America’s Open Technology Institute, PDX Privacy, the Tor Project, Taraaz, Ranking Digital Rights, Restore the Fourth Minnesota, and SMEX.

Parker Higgins

Major news outlets must push Biden DOJ to drop Assange charges — their press freedom rights are at stake

3 years 5 months ago

Three major news organizations are set to meet with the Department of Justice (DOJ) today to discuss the recent journalist surveillance scandals, and talk with the Attorney General Merrick Garland about how the DOJ plans to to prevent the use of subpoenas and surveillance to root out journalistic sources in future leak investigations.

While the news outlets plan to push for more concrete promises from the Justice Department to prevent further spying on reporters, it’s vitally important that the same publishers use today’s opportunity to press the Attorney General to drop the prosecution of WikiLeaks founder Julian Assange, which constitutes the most clear and present danger to this country’s press freedom rights. If the case continues, it would render Garland’s new promises worthless.

Assange is charged under the Espionage Act and the Computer Fraud and Abuse Act, largely for activities U.S. national security journalists engage in all the time. When the Trump administration proceeded with the indictment, many major news publishers spoke out forcefully against it, despite harshly criticizing Assange in the past. Virtually every major human rights and civil liberties group in the country urged Biden's DOJ not to continue with the prosecution earlier this year.

Beyond the injustice of the case itself, though, its precedent threatens to undermine the very same new rules that publishers will discuss today. As Garland said in Senate testimony Wednesday: “In developing this policy, we have to distinguish between reporters doing their jobs and reporters committing crimes unrelated to the leaking.”

If the Justice Department is promising on the one hand not to use subpoenas against journalists unless they are otherwise engaged in a crime, and on the other hand is laying out the blueprint for charging journalists who report on sensitive national security information, the problem could not be more clear.

We are cautiously optimistic about the new Department of Justice rules, pending final language, and we view their introduction as a possible sea change for press freedom in the United States. We absolutely encourage the news organizations meeting today to push for the strongest possible guidelines, and for Congress to codify those guidelines into law that cannot be changed at the stroke of a future president's pen.

But we also must remain vigilant to loopholes and exceptions to these new guidelines, and expect this and future administrations to interpret the rules as they see fit. With the Knight First Amendment Institute, we've written about one major unknown in terms of who constitutes a "journalist" for the purpose of the guidelines.

Today, as stakeholders hammer out the details of this new rule, we urge the news organizations and the self-described press freedom advocates within the administration to consider the danger of pending Espionage Act charges against a publisher. And we continue to urge the Department of Justice to drop the prosecution.

Parker Higgins

In a sea change for press freedom, Biden administration vows not to spy on reporters doing their job

3 years 5 months ago

After a month of disclosures about the Trump Justice Department pursuing surveillance records of journalists through leak investigation subpoenas — culminating in yesterday’s revelation of a subpoena and a gag order pertaining to four New York Times journalists, served by the Trump administration and initially defended by the current Department of Justice — the Biden administration has announced a new policy that could signal a major shift in the interaction of press freedom and state surveillance.

White House press secretary Jen Psaski released a statement today saying “the issuing of subpoenas for the records of reporters in leak investigations is not consistent with the President’s policy direction to the Department.” The Justice Department separately told reporters: “in a change to its longstanding practice, [the DOJ] will not seek compulsory legal process in leak investigations to obtain source information from members of the news media doing their jobs."

The following statement can be attributed to Freedom of the Press Foundation executive director Trevor Timm:

This announcement is a potential sea change for press freedom rights in the United States. Over the past decade — spanning multiple administrations run by both parties — the Justice Department has increasingly spied on reporters doing their job, casting a chill over investigative reporting and putting countless whistleblowers at risk.

While we’re encouraged to see this announcement ending this invasive and disturbing tactic, the devil is — of course — in the details. The Justice Department must now write this categorical bar of journalist surveillance into its official ‘media guidelines,’ and Congress should also immediately enshrine the rules into law to ensure no administration can abuse its power again. If they follow through, this commendable and vitally important decision by the Biden administration has the potential to stem the tide of more than ten years of erosion of press freedom.

Freedom of the Press Foundation

Documenting an extraordinary year of press freedom violations

3 years 5 months ago

The U.S. Press Freedom Tracker, a project of Freedom of the Press Foundation and Committee to Protect Journalists, has published an overview of a truly remarkable year’s worth of press freedom violations during nationwide protests since the police killing of George Floyd. Building on individually reported accounts of every journalist assault, arrest, damaged equipment, or other press freedom violations, the Tracker aims to provide the definitive telling of the crackdown on journalists that emerged alongside the protests.

As reporters covered the movement, they were subjected to more than 150 arrests or detainments, 580 physical attacks, and 112 incidents of damaged equipment. The phenomenon peaked last summer and has continued into 2021, which has seen two dozen arrests or detainments, nearly three dozen physical attacks, and 9 incidents of damaged equipment.

“To say the past year was a historic chapter in the story of press freedom in the United States would be an understatement. I had to stop using the word ‘unprecedented’ even as we reported out case numbers that were unlike any we’d ever seen,” said U.S. Press Freedom Tracker’s managing editor Kirstin McCudden. “But even after following each case as it developed, pulling together a full year of data paints a picture of American press freedom that is shocking and alarming.”

Freedom of the Press Foundation